Job offer

Penetration Tester Internal Systems Support Area

PwC

  • Pawia 7, Stare Miasto, Kraków
    Kraków, Lesser Poland
  • offer expired a day ago
  • contract of employment
  • full-time
  • specialist (Mid / Regular)
  • home office work, hybrid work
  • More than one vacancy
  • remote recruitment


Technologies we use

Operating system

About the project

We are looking for passionate and experienced individuals who are immersed in the offensive side of the information security industry. The ideal candidate will be self-motivated and have the eagerness and aptitude to learn in a challenging environment.

Your responsibilities

  • Identify and exploit vulnerabilities in commercial, open source, and custom software applications and underlying cloud infrastructure

  • Manage vulnerability and exploit data in large scale tests using collaboration tools across a global team

  • Knowledge of existing, emerging threats, web security principles and attack vectors

  • Ability to author detailed and articulate penetration test reports, including prescriptive recommendations for remediation options according to NIS standards.

  • Deliver technical debriefs to engineers and developers during report discussion meetings as required

  • Maintain testing tools, hardware, and equipment, creating new tools where appropriate

  • Provide guidance to application development groups on application security best practices

  • Support application security assessment result review and mitigation approval

  • Support remediation effort and track open issues and follow up to ensure remediation

  • Demonstrate continuous professional learning of the latest and most advanced security testing techniques, development tools and frameworks

Our requirements

  • Passion for penetration testing

  • 4-5 years Penetration Testing Experience

  • At least one of the desirable penetration testing certifications (e.g. Security+, CEH (including practical), ECSA (including practical), LPT (including practical))

  • Demonstrable experience identifying and exploiting vulnerabilities in commercial, open source, and custom software products

  • Automation experience

  • Python, Bash programming

  • Demonstrable capability to manually execute OWASP-based attacks

  • Demonstrable experience conducting post-exploitation lateral movement activities is required

  • Strong knowledge of common networking configurations, load balancing, firewalls, and security controls

  • Strong knowledge of authentication and SSO technologies

  • Strong expertise with Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), and National Institute of Standards and Technology (NIST) Special Publications

  • Strong knowledge of applied cryptography and common implementation flaws

  • Strong knowledge of virtualized infrastructures is preferred

Optional

  • At least one of the desirable penetration testing certifications (e.g. OSCP, OSWE, GPEN, GWAPT, GXPN, CREST CRT/CCT [certified web/infrastructure tester])

  • Demonstrable experience identifying and exploiting vulnerabilities in APIs (JSON/REST/SOAP/XML/AJAX)

  • Demonstrable experience identifying and exploiting vulnerabilities in mobile applications (iOS, Android) is highly preferred

  • Demonstrable strong experience with penetration testing tools (e.g. Metasploit, Burp Suite, Appspider etc.)

  • Ability to write code in Python and Ruby is highly preferred

  • Ability to understand Java, C#, JavaScript frameworks such as C#, .NET, Python, Node.js, jQuery, Bootstrap, Django, JavaScript, mobile app development, Go, and other common languages is a plus

  • Ability to build automation to eliminate recurring work

  • Demonstrable experience conducting code reviews is optional

  • Excellent written communication skills are a plus

  • Excellent knowledge of common operating systems is required, knowledge of less popular and legacy operating systems is a plus

Benefits

  • private medical care

  • sharing the costs of foreign language classes

  • sharing the costs of professional training & courses

  • life insurance

  • remote work opportunities

  • flexible working time

  • dental care

  • employee referral program

  • charity initiatives

Should you have any queries, please contact [email protected] with the job title in the subject
