Main Responsibilities and Duties
- Conduct vulnerability assessment of networks, IT services and applications, and security devices, using various commercial and open source tools.
- Conduct internal and external penetration testing, using known commercial and open source penetration testing tools.
- Conduct mapping and discovery analysis on networks, servers, and security devices, to discover exposed services, vulnerabilities and infiltration points.
- Conduct mapping, code reviews, misuse case testing, and interface testing to expose application vulnerabilities.
- Develop VAPT assessment scoping and implementation plans and schedules, in coordination with related IT/IS senior management and divisions, to ensure tests are focused, adequate, and limited in scope, and do not cause any operational issues.
- Work closely with other SOC team members and the IS team to identify and document incidents/potential threats and mitigation techniques.
- Ensure VAPT tests and incidents are correctly reported and documented in accordance with Cyber Security & Incident Response policies and procedures.
- Build and maintain cyber security documentation detailing threats and mitigation techniques for incidents, attacks, and vulnerabilities that might arise from security audits, vendor newsletters, or threats announced by well-renowned cyber security tracking entities.
- Maintain a tracking record of vulnerabilities and exploits, their risk levels, and their mitigation and solution techniques, and follow up on their implementation with the related party.
- Remain vigilant and continuously conduct R&D to learn new skills and new tools, and suggest actions that will increase the organization's overall security posture.
- Strong experience in the OSI layers and the functionality of their common protocols, possible exploits, common threats, and preventions.
- Strong knowledge of commercial and open-source vulnerability and pen testing tools.
- Strong knowledge of one or more programming and scripting tools (Python, Java, PowerShell, Bash, SQL DDL and DML).
- Strong understanding of protocol headers, flags, structure, and communication mechanisms.
- Strong knowledge of well-known attacks and vulnerabilities, and mitigation techniques.
College degree, preferably in Computer Science or Engineering.
- Good verbal/written communication.
- Excellent interpersonal skills.
- Works well under pressure.
- Responsible attitude.
- Positive team player.
- Able to take initiative.
- Good time management.
- Attention to detail, methodical.
Required Certifications: Any of the certifications below, or other related ones, is a plus.
- OSCP (Offensive Security Certified Professional)
- CEH (Certified Ethical Hacker)
- LPT (Licensed Penetration Testing Master)