Technology: Penetration Tester

Calling all Cyber Guardians! ‍️ Elevate your career with our partner companies as a Penetration Testing Maestro. Your expertise can be the difference-maker in the battle against cyber threats. Apply now and help secure the digital world.

About SIEGEN SOLUTIONS:

Siegen Solutions specializes in partnering technology-focused clients by connecting them with top-tier talents. Our commitment lies in bridging the gap between exceptional candidates and cutting-edge technologies. At Siegen Solutions, we understand that success hinges on the right people with the right expertise. We're here to match skilled candidates with opportunities that align perfectly with their technological prowess.

Key Responsibilities:

• Vulnerability Assessment : Conducting comprehensive assessments of web applications and Infrastructure to identify security vulnerabilities, such as cross-site scripting (XSS), SQL injection, authentication flaws, insecure configurations, poor host device and service configurations, and use these to penetrate deeper into the application / server.
• Penetration Testing : Performing controlled attacks on web applications. APIs, infrastructure, and simulate real-world hacking attempts and identify potential entry points for attackers.

This involves utilizing various techniques, tools, and methodologies to exploit vulnerabilities and gain access.

• Security Analysis : Analyzing the results of penetration tests to assess the severity of identified vulnerabilities, their potential impact on the system and the business, and the likelihood of exploitation.
• Reporting and Documentation : Preparing detailed reports that document the findings, including identified vulnerabilities, attack vectors, and recommendations for remediation.

These reports typically outline the risks associated with each vulnerability and provide guidance on how to mitigate them.

Remediation Support : Collaborating with developers and system administrators to assist in the remediation of identified vulnerabilities.

This may involve providing guidance on secure coding practices, recommending security controls, or validating the effectiveness of implemented fixes.

Stay Up to Date : Keeping abreast of the latest web application and infrastructure vulnerabilities, attack techniques, security tools, and industry best practices.

This includes staying informed about emerging threats and trends in web applications and infrastructure.

• Ethical Approach : Conducting all testing and assessment activities within a legal and ethical framework, ensuring that the organization's systems and data are not compromised or harmed during the process.
• Continuous Improvement : Engaging in professional development activities, such as attending conferences, participating in training programs, and obtaining relevant certifications, to enhance knowledge and skills in cyber security.

Requirements:

Minimum Criteria :

Education : A bachelor's degree in a related field such as computer science, information security, or cybersecurity is commonly preferred, but not always mandatory.

Relevant industry experience can compensate for formal education requirements.

Technical Knowledge : A strong understanding of web technologies, programming languages (, HTML, CSS, JavaScript, PHP, Python), and web application architecture is essential.

In-depth knowledge of data network, operating systems, active directory, and databases. Strong understanding of active directory attacks and Pentest methodology (OSSTMM, OWASP, NIST : 800-115).

Skills :

Web Application Security : In-depth knowledge of web application vulnerabilities, common attack techniques, and mitigation strategies.

Strong understanding of OWASP Top 10 vulnerabilities is crucial.

• Infrastructure security : Working knowledge of different on-prem and cloud builds (IaaS, PaaS, SaaS), in-depth understanding of operating system and its common flaws
• Penetration Testing Techniques : Proficiency in various penetration testing methodologies, tools, and frameworks. Experience with manual testing techniques, automated vulnerability scanners, and exploit frameworks is necessary.
• Programming and Scripting : Proficiency in at least one programming language (, Python, Ruby, or JavaScript, etc.) to write custom scripts and tools.

Understanding SQL queries for database testing is also important. Strong understanding for the following : PowerShell, Bash scripting,

Analytical and Problem-Solving Skills : Ability to analyze complex web application environments, identify vulnerabilities, and exploit them.

Strong problem-solving skills to understand attack vectors and recommend appropriate countermeasures.

Holds relevant industry certification / s or equivalent like the following :

• CEH Certified Ethical Hacker
• OSCP Offensive Security Certified Professional
• GPEN GIAC Penetration Tester
• PNPT Practical Network Penetration Tester
• Burp Suite Certified Practitioner
• eWAPT / eWAPTx eLearning Web Application Penetration Tester