Senior Pentesting Team Lead
2/27/2022 12:00:00 AM date published
2/27/2022 12:00:00 AM date published
At AMATAS we hire talented people who flourish solving hard problems and give them opportunities to own new skills, try new approaches, and grow in new directions.
Our culture is at the heart of our success. We share a real passion for winning and put the customer at the center of everything we do.
The penetration testing team has the opportunity to apply its creativity, business knowledge and technical skills daily using new and innovative tools/techniques in a collaborative environment.
The Senior Pentesting Team Lead will be responsible for performing hands-on penetration testing, source code review, security test planning, and vulnerability analysis; focusing primarily on manual exploitation of web applications, infrastructure express in both external and internal networks and mobile applications. The successful candidate will enjoy working in a dynamic, responsive, and collaborative environment and be dedicated to the success of customers. Experience and technical knowledge in application and network security, authentication and security protocols, cryptography, and web application security are essential. Must be able to work both independently and as a part of team testing efforts.
Job Skill & Qualifications Requirements:
- Bachelor’s degree in a technical field (Computer Science, Information Systems, Information Systems Security) or equivalent background and experience;
- Excellent English skills (written and verbal);
- Offensive penetration testing experience as well as an ability to suggest countermeasures and defensive strategies that are adjusted to the used technology;
- Experience and clear understanding of secure SDLC and version control systems;
- Experience writing complex code and the ability to write your own automation tools, as well as adapting existing tools for your needs;
- Breadth of knowledge and experience across the information security domain, such as endpoint security, SIEM, IDS, identity management, vulnerability management, incident response, and threat intelligence;
- System administration and developer operations capabilities which are often required in order to provide a comprehensive and definitive vulnerability remediation advice;
- Knowledge and experience in multiple different development frameworks - both frontend and backend (Spring, Laravel, Vue);
- Knowledge and experience in the field of reverse engineering, shellcode writing, and forensics;
- In-depth knowledge of cryptography and its use in modern technologies as well as an understanding of how to apply and exploit existing implementations;
- Familiarity with Cloud security fundamentals and common security issues and deploy management strategies;
- Developing new and maintaining existing methodologies and service processes part of the cyber assessment services portfolio;
- A passion for poking security holes in complex systems, enjoy looking for 0-days, coming up with new and innovative attacks;
- Background and knowledge of general security concepts, such as defense-in-depth, MITRE ATT&CK framework and security architectures;
- Familiar with developing proof-of-concept exploit examples to use within reports or live demonstrations;
- Excellent knowledge of penetration testing methodologies and frameworks including Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), PCI DSS Penetration Testing Guidance, National Institute of Standards and Technology (NIST) Special Publication SP800-115;
- Ability to document and explain technical details in a concise and understandable manner;
- Ability to manage and balance own time among multiple tasks;
- Strong written and verbal communication skills;
- Preferred certifications: OSCP, AWAE, OSCE, GPEN, GWAPT, GXPN, OSWE.
We would consider it a PLUS:
- Knowledge in the field of Kleptography and Cryptovirology;
- Low-level exploitation (bypassing ASLR, DEP, SEH), return-orientated programming (ROP), clear understanding of how memory allocation works;
- Hardware exploitation (JTAG debugging, binary analysis, extracting firmware from EEPROM or FLASH memory, tampering, RF packet sniffing and other).
Duties and Responsibilities:
- Work closely with the team of penetration testers and conduct regular penetration tests, source code reviews and vulnerability assessments with a focus on quality;
- Develop and execute custom programs for internal team trainings;
- Document vulnerabilities, write complete reports following a specific structure;
- Improve the services under his/her responsibilities by means of innovation and in accordance with the business need;
- Participate in meetings with customers when technical expertise is required;
- Work and collaborate with our vendors and partners;
- Support the growth and improvement of our cyber assessment services.
- Competitive remuneration package;
- Additional health insurance;
- Corporate discount vouchers;
- Continuous training programs;
- Certification in the field of cybersecurity.