Jordan - Amman Jordan

Employment: Full Time

Education: Bachelors degree (or equivalent experience) in a related field (e.g., computer science, information security)

Main Job Responsibilities:

Plan and conduct black-box, white-box, and gray-box penetration testing
engagements on our systems, networks, and applications, identifying vulnerabilities using tools like Burp Suite and Metasploit.
Exploit identified vulnerabilities to assess potential impact, including privilege escalation, lateral movement simulations, and proof-of-concept development.
Collaborate with developers to remediate vulnerabilities through clear reporting, code reviews, secure coding practices, and retesting.
Document findings, develop security reports, and present them to relevant stakeholders.
Stay updated on the latest hacking techniques, threats, vulnerabilities, and remediation strategies.
Provide recommendations and knowledge transfer to internal staff to boost our overall security competence.
Continuously improve the organization security posture by creating, developing,
maintaining, and automating new attack tactics and tools. Monitor and research emerging threats to integrate them into the testing methodology.
Promote security awareness and best practices throughout the organization.
Design and execute penetration testing engagements aligned with SOC 2 compliance requirements.
Gather and document evidence to support the effectiveness of security controls for our annual SOC 2 audit.
Collaborate with third-party auditors during the SOC 2 audit process to address findings and demonstrate security posture.

Skills

Requirements

Needed Competencies:

Excellent communication skills to convey technical findings to both technical and non-technical audiences.
Ability to manage multiple projects, prioritize tasks, and meet deadlines under pressure.
Actively listen to and understand the concerns and priorities of stakeholders from different areas of the organization.
Foster a collaborative environment where security is viewed as a shared responsibility.
Effectively mentor and train security best practices to internal teams (developers, operations, etc.).

Knowledge, skills and abilities:

Familiarity with security tools like OpenVas, Burp Suite, OWASP ZAP, and Metasploit.
Network security concepts (firewalls, IDS/IPS, network protocols).
Web application security principles (OWASP Top 10) and testing methodologies.
Mobile application security testing for Android and iOS.

Preferences:

Offensive Security Certified Professional (OSCP) or equivalent certification
Experience in cloud penetration testing (e.g., AWS, Azure, Mendix)
Demonstrated expertise in identifying and mitigating data exfiltration vulnerabilities across application layers and integration points.
Experience in code review for control flow and security flaws.
Experience in low-code/no-code application security testing (a plus).
Understanding of security standards and frameworks, such as MITRE ATT&CK, Cyber Kill Chain, OWASP Top Ten, and general security best practices.
Hands-on experience with security frameworks (NIST, ISO27001, etc.) and risk assessment methodologies.
Experience with scripting languages (Python, Bash) for automating penetration testing tasks.
Familiarity with security automation tools.
Excellent written and verbal communication skills to convey technical findings to both technical and non -technical audiences.
Ability to manage multiple projects, prioritize tasks, and meet deadlines under pressure.

Education:

Bachelors degree (or equivalent experience) in a related field (e.g., computer science, information security)

Experience:

Post date: 27 May 2024

Publisher: