Beschreibung
For one of our clients we are looking for a Penetration TesterProject Description:
The client's security team performs continuous security assessment of existent application’s landscape. The goal of such testing is to identify and fix weak points before they are exposed by an attacker.
During the execution phase of this project, which will happen from , it is the ambition of the team to assess over 300 important applications.
Each evaluation is followed by a remediation phase to fix existing security flaws.
Task Description:
• Perform network penetration, web, infrastructure and mobile application testing, source code reviews, threat analysis
• Recognize and safely utilize attacker tools, tactics, and procedures
• Develop comprehensive and accurate reports and presentations for both technical and executive audiences
• Make suggestions for security improvements
• Enhance existing methodology material
Required skills:
• Minimum of 3 years of work experience in penetration testing which includes internet, intranet, web application penetration tests, wireless, social engineering, and Red Team assessments
• Strong knowledges on tools used for wireless, web application, and network security testing, such as WebInspect, Kali Linux, Metasploit, Burp suite, Nmap, Cobalt Strike, Nessus and Scuba
• An implementation level knowledge with all common classes of modern exploitation such as: XSS, RCE, SQLi, etc - Familiar with offensive TTPs (Tactics, Techniques and Procedures) including post-exploitation and lateral movement
• Programming skills as well as the ability to read and assess applications written in multiple languages, such as JAVA, PHP, .NET, C#, or others
• Mastery of Unix/Linux/Windows operating systems, including bash and Powershell
• Thorough understanding of network protocols, data on the wire, and covert channels
• Deep understanding and experience with various Active Directory attack techniques
• Knowledge of common hosting environments such as containerization platforms (e.g., Docker and Kubernetes) and virtual machines running under hypervisors
• Red team experience with SAP system
• Ability to share your in-depth knowledge with the team to train less experienced colleagues
• Fluent in English, due to the international character of the project
Start: ASAP
Duration: 6 months+
Location: Düsseldorf