Balusian is looking for an engineer who will work in the Cybersecurity Team of one of our clients (an international organization based in Valencia), in the new Red Team, to provide penetration testing services and security reviews, and to challenge the overall security in place.
The candidate should be passionate about penetration testing and shall have a minimum of five years of offensive cybersecurity experience, mostly on web applications.
Scope of Work / Duties of Consultant:
• Ability to question everything.
• Be creative, but above all remain ethical.
• Perform white, grey and black box testing of applications and systems manually and with automation tools.
• Perform security code reviews.
• Perform attacks emulating threat actors based on the Threat Intelligence team's data.
• Work sometimes in purple team operations to improve internal security.
• Execute security reviews and support threat modelling exercises.
• Work in tabletop exercises.
• Research newly released vulnerabilities and develop tools to exploit them.
• Develop and improve tools and documentation that can help accelerate the security assessment.
• Ability to gather the necessary information from the client to proceed with a security assessment.
• Ability to work with the clients and present advice and recommendations.
• Write security assessment reports, including an executive summary; map the security score and attribute the possible impact; present mitigation instructions that are easy to follow.
• Possess outstanding skills in communicating complex technical issues and in providing comprehensive written, oral and/or digital products (including document organization and technical writing).
• Work both independently and in a collaborative team environment to meet required schedules and timelines.
• Comply with all corporate and departmental privacy and data security policies and practices.
• Provide other ad hoc support as required.
• Penetration testing work might be required to be performed on weekends or after business hours, and it will be compensated with business working days off.
Required Technical Skills:
• Possess penetration test certifications (Offensive Security, eLearnSecurity, SANS)
• Experience with web application penetration testing.
• Experience with API penetration testing.
• Knowledge of penetration testing commercial and open-source tools.
• Knowledge and experience with attack simulation, vulnerability management and application testing using automated and manual tools.
The resource SHOULD have the following skills and experience:
• Developed or customized penetration test open-source tools.
• Have tested their skills on platforms like Hack The Box.
• Experience with mobile application penetration testing.
• Experience with automated application security tools to perform static and dynamic tests.
• Intermediate knowledge of Python, Bash and PowerShell.
• Basic knowledge of programming languages.
• Basic knowledge of Software Development Lifecycle.
• Foster security education and training to administrators and developers.
• Knowledge of threat modelling and risk assessment techniques.
• Familiarity with API Security, Container Security, AWS Cloud Security, Azure DevOps.
• Understanding of the security areas of Key Management Systems, Certificate Management, Encryption, Penetration Testing, Vulnerability Scanning, Security and Monitoring tools, etc.
Required Soft Skills:
• Attention to detail.
• Be ethical, respecting the rules of engagement and privacy.
• Maturity in dealing with findings.
• Strong teamwork and communication skills.
• Customer facing experience and oral communication skills.
• Ability to write documentation & reports.
• Creativity/ability to find innovative solutions.
• Willingness to learn on the job.
• Conflict management & cooperation.