Job Openings (A) Penetration Tester

About the job (A) Penetration Tester

Key Role:

OSCP vs CEH penetration tester 

-To perform pen testing of web applications
-To perform pen testing of API Interface
-To perform pen testing of Mobile apps
-To perform pen testing of Source code
-To perform pen testing of Network Infrastructure (External & internal)
-To perform configuration review of Hosts and Database
-To prepare final pen test reports and provide detailed remediation guidance for findings
-To perform compliance assessment
-To perform vulnerability assessment 

1 year to be based in Bangsar South. after the project end. 
Penetration testers need to have excellent computer skills and familiarity with computer hardware and computer network equipment, as well as computer programming skills. These skills are also needed to help them effectively identify vulnerabilities and determine how to correct security issues.

Requirements:

Candidates should possess certs:

  • Offensive Security Certified Professional (OSCP)
  • Offensive Security Certified Expert (OSCE)
  • Certified Penetration Testing Professional (CPENT)
  • In-depth knowledge of TCP/IP networking and application protocols concepts.
  • Understanding of software exploitation and common vulnerabilities.
  • Understanding of port scanning, vulnerability assessment and fuzzing tools.
  • Knowledge of protocols associated with web technologies.
  • Understanding of OWASP Top 10 and SANS 25 vulnerabilities and their mitigations.
  • Knowledge about security testing of mobile apps and related APIs.
  • Proficient with one of the scripting languages (e.g., Python).
  • Knowledge of cryptographic and security protocols.
  • Understanding of penetration testing tools like Metasploit; able to write auxiliary modules and code exploits.
  • Knowledge of hardware exploitation techniques (e.g., firmware reverse engineering).
  • Conduct highly complex offensive security testing consistent with known adversary tactics, techniques, and procedures, and contribute to the development of objectives and approaches taken to remediate risk.
  • Documentation of security issues and impacts identified through offensive security testing in a clear and concise manner to facilitate reporting to impacted stakeholders/organizations.
  • Provide guidance and recommendations to stakeholders responsible for security remediation actions to close identified gaps, perform remediation validation testing, and reduce the risk to an accepted minimal level.
  • Consult with defensive operations teams on adversary tactics to guide and mature cyber defensive countermeasures
  • Independently handle complex issues with minimal supervision, while escalating only the most complex issues to appropriate staff
  • Assist in scoping and executing prospective engagements
  • Understand and safely use various open-source penetration testing tools and, when appropriate, emulate hacker tactics, techniques, and procedures
  • Develop comprehensive and accurate reports and presentations for various consumers of penetration testing results
  • While in between assessments, you will be expected to improve any existing processes, develop tools, and potentially find new clients and prospective hires.
  • Develop scripts, tools, or methodologies to enhance MSI's penetration testing processes

Qualifications:

  • Bachelor's degree, preferably in computer science or information systems, or equivalent work experience
  • Capable with Penetration Testing tools like Burp Suite, Fortify, Metasploit, Wireshark and Kali Linux
  • Minimum 1 year of industry experience.
  • Capable with OWASP Top 10 security vulnerabilities
  • Added advantage if the candidate has acquired certifications such as OSCP, CREST CPSA, GWAPT, GPEN, and others.

-Salary range RM3000-7000

-Min 1 yr of experience

-Open race, open gender

-Training will be provided

-Year-end bonus subject to performance review