Penetration Testing Analyst

Amman, Jordan

Main Job Responsibilities:

  • Plan and conduct black-box, white-box, and gray-box penetration testing engagements on our systems, networks, and applications, identifying vulnerabilities using tools like Burp Suite and Metasploit.
  • Exploit identified vulnerabilities to assess potential impact, including privilege escalation, lateral movement simulations, and proof-of-concept development.
  • Collaborate with developers to remediate vulnerabilities through clear reporting, code reviews, secure coding practices, and retesting.
  • Document findings, develop security reports, and present them to relevant stakeholders.
  • Stay updated on the latest hacking techniques, threats, vulnerabilities, and remediation strategies.
  • Provide recommendations and knowledge transfer to internal staff to boost our overall security competence.
  • Continuously improve the organization's security posture by creating, developing, maintaining, and automating new attack tactics and tools. Monitor and research emerging threats and integrate them into the testing methodology.
  • Promote security awareness and best practices throughout the organization.
  • Design and execute penetration testing engagements aligned with SOC 2 compliance requirements.
  • Gather and document evidence to support the effectiveness of security controls for our annual SOC 2 audit.
  • Collaborate with third-party auditors during the SOC 2 audit process to address findings and demonstrate security posture.


Requirements

Needed Competencies:

  • Excellent communication skills to convey technical findings to both technical and non-technical audiences.
  • Ability to manage multiple projects, prioritize tasks, and meet deadlines under pressure.
  • Actively listen to and understand the concerns and priorities of stakeholders from different areas of the organization.
  • Foster a collaborative environment where security is viewed as a shared responsibility.
  • Effectively mentor internal teams (developers, operations, etc.) and train them in security best practices.


Knowledge, skills and abilities:

  • Familiarity with security tools like OpenVAS, Burp Suite, OWASP ZAP, and Metasploit.
  • Network security concepts (firewalls, IDS/IPS, network protocols).
  • Web application security principles (OWASP Top 10) and testing methodologies.
  • Mobile application security testing for Android and iOS.


Preferences:

  • Offensive Security Certified Professional (OSCP) or equivalent certification
  • Experience in cloud penetration testing (e.g., AWS, Azure, Mendix)
  • Demonstrated expertise in identifying and mitigating data exfiltration vulnerabilities across application layers and integration points.
  • Experience in code review for control flow and security flaws.
  • Experience in low-code/no-code application security testing (a plus).
  • Understanding of security standards and frameworks, such as MITRE ATT&CK, the Cyber Kill Chain, the OWASP Top 10, and general security best practices.
  • Hands-on experience with security frameworks (NIST, ISO 27001, etc.) and risk assessment methodologies.
  • Experience with scripting languages (Python, Bash) for automating penetration testing tasks.
  • Familiarity with security automation tools.
  • Excellent written and verbal communication skills to convey technical findings to both technical and non-technical audiences.

Education:

Bachelor's degree (or equivalent experience) in a related field (e.g., computer science, information security)


Experience:

  • 3+ years of experience in penetration testing or a related security discipline
  • 2+ years of experience with vulnerability management tools and processes


Post date: 27 May 2024
Publisher: Bayt