Beschreibung
aktuell sind wir auf der Suche nach Unterstützung von externen Penetration Tester / Ethical Hacker.Für anstehende Kundenprojekte möchten wir dazu einen Pool an externe Pentestern aufbauen, die bei Bedarf kurzfristig für ein Projekt beauftragt werden können.
Die Vorlaufzeiten für ein Projekt betragen im Schnitt ca. 2 Wochen, deswegen planen wir mindestens 5 Penetration Tester auszuwählen und die vertragliche Grundlage zu schaffen, damit kurzfristig beauftragt werden kann.
Responsibilities:
1. Performs various aspects of vulnerability assessments / penetration tests across a wide variety of platforms and technologies like Mobile Apps/Web App and API/Network Infrastructure/W-LAN and IoT devices.
2. Appropriate level of proficient in commercial and open source security tools (e.g., Kali Linux, Nessus, Nmap, Metasploit, Burp Suite, Acunetix, Maltego, Nikto, Wireshark, etc.).
3. Manage Projects from scratch, sharing knowledge, document procedures and preparing detailed reports.
4. Develop and refine tools, templates and methodologies.
5. Keep up to date with tools, countermeasures, threats and technologies.
6. Exhibit ability to understand and modify code in a diverse range of programming languages and frameworks; must have direct practical experience with one or more programming language.
Required Qualifications:
1. Minimum three years of conducting penetration testing on live corporate and production environments.
2. The candidate should be analytical and creative with the ability to drive threat identification to closure.
3. Comprehension of OWASP Top 10 (both web and mobile), OSSTMM, PTES, NIST und ISSAF technical controls and standards, and able to understand and communicate how the standards and controls relate to risk management strategies.
4. Knowledge of exploits, threat actors, and attack methods.
5. A strong core understanding of security tests and experience possess strong skills in both computer and networking hardware and software.
6. Ability to utilize and gather Intelligence for indicators, information gathering, Operations Security, and Open Source Intelligence.
7. Comfortable working in a fast-paced environment.
Preferred Qualifications:
• Cybersecurity preferred certifications: Offensive Security OS(C(P|E) |EE), GIAC Penetration Tester (GPEN), Certified Cloud Security Professional (CCSP), EC-Council CEH.
• 3+ years of experience in penetration testing/Red Team and security code review experience.
• Strong coding skills including any of the following: PHP, C#, HTML, ASP.NET, Python, PowerShell
• Self-motivated, excellent time management, great interpersonal skills, capable of working independently or in a team, passionate.
• Effective communication skills (written and verbal) in German and/or English
Rahmenbedingungen:
Ort: remote
Sprache: DE wünschenswert
Aufwand: Diverse Projekte, nach Abschätzung des Beraters
Haben wir Ihr Interesse geweckt?
Dann freuen wir uns über die Zusendung Ihres CV's im Word-Format mit Kontaktdaten, Honorarsatz und Verfügbarkeit an:
Beste Grüße
Moritz Stingel
STINGEL CONSULTING GmbH
http://www.stingel-consulting.de
READY FOR EXCELLENCE ? -- JOIN US ! -- CONSULTANTS. ARCHITECTS. DEVELOPERS. -- http://stingel-consulting.de