Job Description

Role and Responsibilities

Penetration Testing: manages and conducts internal and external penetration testing. Vets and coordinates 3rd party vendors and the business to deliver high quality penetration and red team testing. Reviews and validates security findings. Works with the business and information security teams to understand security gaps and guide on improvements.
Vulnerability Scanning: runs and manages vulnerability scans. Maintains and continuously improves the vulnerability scanning infrastructure. Proactively seeks to minimize operational impact through vulnerability scanning process improvement.
Threat Automation: creates, develops and manages projects and products that continuously simulate new and emerging security threats and threat actors. Writes, validates and augments tools to support our evolving security requirements, use cases and organizational threat goals. Evaluates and implements software with scalability and repeatability in mind, ensuring that security controls are accurate and measurable.
Red Team Intelligence: plans, develops and manages unique red team projects to support strategic information security goals. Gains deep insight into infrastructure, applications, business, operational and personnel processes to accurately inform on security risks and vulnerabilities. Emulates and applies real world threat intelligence and attacker techniques to effectively test organizational security. Stays informed, and tenaciously pursues applicable attack paths.

Certifications

OSCP, GIAC GPEN, GWAPT or other Penetration Testing certifications, CISSP, Certified Ethical Hacker (CEH) required. Scripting (Windows/*nix), Bash, Python, Perl or Ruby, Systems Programming, strong knowledge on OWASP Top 10, Mobile Application PenTesting.

Send CV

If you meet the job requirements, please send your CV to
hr@dts-solution.com

Quick response

Required Knowledge

• K0009   Knowledge of application vulnerabilities.
• K0061   Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
• K0070   Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
• K0089   Knowledge of systems diagnostic tools and fault identification techniques.
• K0106   Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities.
• K0161   Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
• K0162   Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored).
• K0177   Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
• K0179   Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
• K0301   Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
• K0342   Knowledge of penetration testing principles, tools, and techniques.
• K0624   Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list)

Required Skills

• S0051   Skill in the use of penetration testing tools and techniques.
• S0052   Skill in the use of social engineering techniques. (e.g., phishing, baiting, tailgating, etc.).
• S0081   Skill in using network analysis tools to identify vulnerabilities. (e.g., fuzzing, nmap, etc.).

Required Abilities

• A0001  Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.