Penetration Tester - Associate/Consultant/Senior/SME (Onsite)(Job code DXB_160424_2)

Penetration Testers/Offensive Security Consultants (Associate / Consultant / Senior / SME)atNetSentriesget exciting opportunities to work with large enterprises across the globe to support them to meet their security assurance validation requirements. The role is part of the Service Delivery function, and we are seeking candidates with an achiever’s mindset seeking fast growth in the technology-centric work environment and ample exposure to the latest in the industry to meet challenging customer requirements.

PRIMARY RESPONSIBILITIES

The right candidate should have proficiency in conducting TWO or more of the below type of assessments.

• Perform intelligence-led security assessments on Internet-facing web applications
• Perform security assessments on internal/external software applications/services, including the services layer segments with REST/SOAP/GraphQL APIs, ESB, Middleware, or other channels.
• Perform penetration tests across public/private network infrastructure assets
• Perform code aware penetration testing and security assessment of the iOS/Android mobile applications
• Perform assessments of wireless networks and OT assets/components
• Perform security assessment of cloud environments (AWS/Azure/GCP/other) with automated tools, custom scripts, and configuration audits.
• Perform internal and external adversary emulations and AD red teaming.

ADDITIONAL RESPONSIBILITIES

• Develop testing scripts and procedures for comprehensive assessment requirements
• Conducts penetration tests and vulnerability assessments against client infrastructure following a standard testing methodology using automated, ad-hoc, and manual testing techniques.
• Compile executive and technical reports and make recommendations to findings in a responsive fashion.
• Conducts external and internal segmentation testing against client infrastructure.
• Develop penetration testing strategy and test cases for complex enterprise applications
• Develop methodology documents and pre-engagement questionnaires for Penetration Testing and Vulnerability Assessment projects.
• Thoroughly document exploit chain/proof of concept scenarios for client consumption.

REQUIREMENTS

• 3-6 years of relevant work experience.
• Based on experience and skill set, candidates will be considered for Associate Consultant, Consultant, Senior Consultant, or SME positions.
• Ability to work methodically, independently, and prioritize work
• Excellent communication skills (written & verbal) in English, must be able to present complex technical topics in a clear and structured way, ability to moderate discussions, meetings, and projects. Being able to assume the role of a trusted subject matter expert.
• Strong technical knowledge in performing manual/ automated network security assessments using open-source and commercial security tools on various operating systems, applications, networks, and security infrastructure devices.
• Excellent up-to-date technical and hands-on knowledge and experience in current attack methods, penetration testing methods, and hacking tools, especially for web applications, are required.
• A Desire to learn and to share knowledge.
• Deep knowledge of common software vulnerabilities, such as OWASP Top 10 and CWE/SANS Top 25.
• Hands-on experience in Kali Linux, Metasploit, Nexpose, Nmap, Burp, Paros, Nessus, Appscan, Core Impact, and other relevant tools.
• Programming experience in Python, PHP, Perl, Ruby, NET, or other interpreted or compiled languages.
• Experience with reverse engineering, exploit development, and mobile and industrial control systems are a plus.
• OSCP/OSWE/OSEP/OSCE/CRTP or other security certifications are desirable
• Flexibility and adaptability to work in a growing, dynamic, international team with a strong customer-oriented attitude
• Willingness to travel extensively (domestic/international)

NetSentriesis an Enterprise Cyber Security Assessor serving Global Banks and Forbes 2000 companies across four continents. We serve our customers by continuously identifying Cyber Risks and enabling Blue teams with Threat Informed Defensive capabilities to protect their organizations better.

LOCATION

Dubai, Abu Dabi - UAE