Penetration Tester - Associate/Consultant/Senior/SME (Onsite)
  • United Arab Emirates Dubai
  • NST Cyber
1 year before
31.12.2023
Securely Provision
Test and Evaluation
Job Description

Penetration Testers/Offensive Security Consultants (Associate / Consultant / Senior / SME) at NST Cyber (NetSentries) get exciting opportunities to work with large enterprises across the globe to support them to meet their security assurance validation requirements. The role is part of the Service Delivery function, and we are seeking candidates with an achiever’s mindset seeking fast growth in the technology-centric work environment and ample exposure to the latest in the industry to meet challenging customer requirements.

PRIMARY RESPONSIBILITIES

The right candidate should have proficiency in conducting TWO or more of the below type of assessments.

Perform intelligence-led security assessments on Internet-facing web applications
Perform security assessments on internal/external software applications/services, including the services layer segments with REST/SOAP/GraphQL APIs, ESB, Middleware, or other channels.
Perform penetration tests across public/private network infrastructure assets
Perform code aware penetration testing and security assessment of the iOS/Android mobile applications
Perform assessments of wireless networks and OT assets/components
Perform security assessment of cloud environments (AWS/Azure/GCP/other) with automated tools, custom scripts, and configuration audits.
Perform internal and external adversary emulations and AD red teaming.

ADDITIONAL RESPONSIBILITIES

Develop testing scripts and procedures for comprehensive assessment requirements
Conducts penetration tests and vulnerability assessments against client infrastructure following a standard testing methodology using automated, ad-hoc, and manual testing techniques.
Compile executive and technical reports and make recommendations to findings in a responsive fashion.
Conducts external and internal segmentation testing against client infrastructure.
Develop penetration testing strategy and test cases for complex enterprise applications
Develop methodology documents and pre-engagement questionnaires for Penetration Testing and Vulnerability Assessment projects.
Thoroughly document exploit chain/proof of concept scenarios for client consumption.

REQUIREMENTS

3-6 years of relevant work experience.
Based on experience and skill set, candidates will be considered for Associate Consultant, Consultant, Senior Consultant, or SME positions.
Ability to work methodically, independently, and prioritize work
Excellent communication skills (written & verbal) in English, must be able to present complex technical topics in a clear and structured way, ability to moderate discussions, meetings, and projects. Being able to assume the role of a trusted subject matter expert.
Strong technical knowledge in performing manual/ automated network security assessments using open-source and commercial security tools on various operating systems, applications, networks, and security infrastructure devices.
Excellent up-to-date technical and hands-on knowledge and experience in current attack methods, penetration testing methods, and hacking tools, especially for web applications, are required.
A Desire to learn and to share knowledge.
Deep knowledge of common software vulnerabilities, such as OWASP Top 10 and CWE/SANS Top 25.
Hands-on experience in Kali Linux, Metasploit, Nexpose, Nmap, Burp, Paros, Nessus, Appscan, Core Impact, and other relevant tools.
Programming experience in Python, PHP, Perl, Ruby, NET, or other interpreted or compiled languages.
Experience with reverse engineering, exploit development, and mobile and industrial control systems are a plus.
OSCP/OSWE/OSEP/OSCE/CRTP or other security certifications are desirable
Flexibility and adaptability to work in a growing, dynamic, international team with a strong customer-oriented attitude
Willingness to travel extensively (domestic/international)

NST Cyber (NetSentries) is an Enterprise Cyber Security Assessor serving Global Banks and Forbes 2000 companies across four continents. We serve our customers by continuously identifying Cyber Risks and enabling Blue teams with Threat Informed Defensive capabilities to protect their organizations better.

Quick response
Required Knowledge
  • K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0005   Knowledge of cyber threats an`d vulnerabilities.
  • K0027   Knowledge of organization's enterprise information security architecture.
  • K0028   Knowledge of organization's evaluation and validation requirements.
  • K0044   Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • K0091   Knowledge of systems testing and evaluation methods.
  • K0139   Knowledge of interpreted and compiled computer languages.
  • K0179   Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • K0250   Knowledge of Test & Evaluation processes for learners.
Required Skills
  • S0015   Skill in conducting test events.
  • S0107   Skill in designing and documenting overall program Test & Evaluation strategies.
  • S0112   Skill in managing test assets, test resources, and test personnel to ensure effective completion of test events.
  • S0115   Skill in preparing Test & Evaluation reports.
Required Abilities
  • A0030  Ability to collect, verify, and validate test data.
  • A0040  Ability to translate data and test results into evaluative conclusions.