31.01.2022 Remote | Fulltime
If you fit in this offer, please send your CV mentioning the job title to: firstname.lastname@example.org
The Penetration Tester shall be responsible for the following, but not limited to:
Scope of Work / Duties of Consultant:
· Ability to question everything.
· Be creative, but above all remain ethical.
· Perform white, grey, and black box testing of applications and systems manually and with automation tools.
· Perform security code reviews.
· Plan Red Team exercises.
· Performs attacks emulating threat actors based on Threat Intelligence’s team data.
· Work in purple team operations to improve internal security.
· Execute security reviews and support threat modelling exercises.
· Work in tabletop exercises.
· Research into the newly released vulnerabilities and development of tools to exploit them.
· Develop and improve tools and documentation that can help accelerate the security assessment.
· Ability to gather the necessary information from the client to proceed with a security assessment.
· Ability to work with the clients and present advice and recommendations.
· Write security assessment reports, including executive summary, map security score and attribute the possible impact, present remediation instructions that are easy to follow.
· Possess outstanding skills in communicating complex technical issues and in providing comprehensive written, oral and/or digital products (including document organization and technical writing).
· Work both independently and in a collaborative team environment to meet required schedules and timelines.
· Comply with all corporate and departmental privacy and data security policies and practices.
· Provide other ad hoc support as required.
· Penetration testing work might be required to be performed on weekends or after business hours, and it will be compensated with business working days off
Required technical skills:
The resource MUST have the following skills and experience:
· Possess penetration test certifications (Offensive Security, eLearnSecurity, SANS)
· Experience with web application penetration testing.
· Experience with APIs penetration testing.
· Knowledge of penetration testing commercial and open source tools.
· Knowledge and experience with attack simulation, vulnerability management and application testing using automated and manual tools.
The resource SHOULD have the following skills and experience:
· Developed or customized penetration test open source tools.
· Have tested its skills on platforms like Hack The Box.
· Experience with mobile application penetration testing
· Experience with automated application security tools to perform static and dynamic tests.
· Intermediate knowledge of Python, Bash and PowerShell.
· Basic knowledge of programming languages.
· Basic knowledge of Software Development Lifecycle.
· Foster security education and training to administrators and developers.
· Knowledge of threat modelling and risk assessment techniques.
· Familiarity with API Security, Container Security, AWS Cloud Security, Azure DevOps.
· Comprehension in the security areas of Key Management Systems, Certificate Management, Encryption, Penetration Testing, Vulnerability Scanning, Security and Monitoring tools, etc
Required Soft Skills:
· Attention to detail.
· Be ethical, respecting the rules of engagement and privacy.
· Maturity on dealing with findings.
· Strong teamwork and communication skills.
· Customer facing experience and oral communication skills.
· Ability to write documentation & reports.
· Creativity/ability to find innovative solutions.
· Willingness to learn on the job.
· Conflict management & cooperation.
· Bachelor’s in computer security
UNICC is committed to achieving diversity and inclusion within its workforce, providing an environment that reflects the values enshrined in the Charter of the United Nations and encourages all qualified applicants, irrespective of gender, nationality, disabilities, sexual orientation, culture, religious and ethnic backgrounds to apply. ICC is dedicated to the SDGs, making SDG-5 (Gender Equality) and SDG-10 (Reduce Inequalities) the organization goals.