Penetration Testing Analyst

ََََ - Jordan
ََََ

Job Description

Our Mission is to Simplify Life. We are looking to Simplify and automate complex decision-making for customer centric industries, like Utilities, Financial Services, Logistics, and commerce, that drive the world's economies and you have the chance to join the revolution. We are trying to solve huge challenges in today's enterprise that are directly impacting the employee and customer experience.


What can we promise you:

  • You’ll join a global family of awesome, passionate people that are working together to build a sustainable, scalable ecosystem committed to using logic to create a better experience.
  • We want you to help us become better. You will be empowered to drive change and innovate.
  • That we will invest in you. We will give you the opportunity to master your domain and drive excellence.


Job Summary:


This is an exciting opportunity to join our IT department as a Penetration Tester and play a key role in safeguarding our organization's digital assets. You'll leverage your offensive security expertise to proactively identify vulnerabilities in Avertra's systems, networks, and applications. As a trusted advisor, you'll collaborate across departments to translate your findings into actionable recommendations, fostering a security-conscious culture throughout the organization.


In this role within the SDLC (Software Development Life Cycle), you'll actively participate in security assessments from the planning stages, ensuring potential weaknesses are addressed before deployment. By continuously honing your skills and staying abreast of the

latest hacking techniques, you'll be instrumental in maintaining our organization's cutting- edge security posture.


Main Job Responsibilities:


  • Plan and conduct black-box, white-box, and gray-box penetration testing engagements on our systems, networks, and applications, identifying vulnerabilities using tools like Burp Suite and Metasploit.

  • Exploit identified vulnerabilities to assess potential impact, including privilege escalation, lateral movement simulations, and proof-of-concept development.

  • Collaborate with developers to remediate vulnerabilities through clear reporting, code reviews, secure coding practices, and retesting.

  • Document findings, develop security reports, and present them to relevant stakeholders.

  • Stay updated on the latest hacking techniques, threats, vulnerabilities, and remediation strategies.

  • Provide recommendations and knowledge transfer to internal staff to boost our overall security competence.

  • Continuously improve the organization security posture by creating, developing, maintaining, and automating new attack tactics and tools. Monitor and research emerging threats to integrate them into the testing methodology.

  • Promote security awareness and best practices throughout the organization.

  • Design and execute penetration testing engagements aligned with SOC 2 compliance requirements.

  • Gather and document evidence to support the effectiveness of security controls for our annual SOC 2 audit.

  • Collaborate with third-party auditors during the SOC 2 audit process to address findings and demonstrate security posture.


Skills

Requirements

Needed Competencies:

  • Excellent communication skills to convey technical findings to both technical and non-technical audiences.
  • Ability to manage multiple projects, prioritize tasks, and meet deadlines under pressure.
  • Actively listen to and understand the concerns and priorities of stakeholders from different areas of the organization.
  • Foster a collaborative environment where security is viewed as a shared responsibility.
  • Effectively mentor and train security best practices to internal teams (developers, operations, etc.).


Knowledge, skills and abilities:

  • Familiarity with security tools like OpenVas, Burp Suite, OWASP ZAP, and Metasploit.
  • Network security concepts (firewalls, IDS/IPS, network protocols).
  • Web application security principles (OWASP Top 10) and testing methodologies.
  • Mobile application security testing for Android and iOS.


Preferences:

  • Offensive Security Certified Professional (OSCP) or equivalent certification
  • Experience in cloud penetration testing (e.g., AWS, Azure, Mendix)
  • Demonstrated expertise in identifying and mitigating data exfiltration vulnerabilities across application layers and integration points.
  • Experience in code review for control flow and security flaws.
  • Experience in low-code/no-code application security testing (a plus).
  • Understanding of security standards and frameworks, such as MITRE ATT&CK, Cyber Kill Chain, OWASP Top Ten, and general security best practices.
  • Hands-on experience with security frameworks (NIST, ISO27001, etc.) and risk assessment methodologies.
  • Experience with scripting languages (Python, Bash) for automating penetration testing tasks.
  • Familiarity with security automation tools.
  • Excellent written and verbal communication skills to convey technical findings to both technical and non -technical audiences.
  • Ability to manage multiple projects, prioritize tasks, and meet deadlines under pressure.

Education:


Bachelors degree (or equivalent experience) in a related field (e.g., computer science, information security)


Experience:

  • 3+ years of experience in penetration testing or a related security discipline
  • 2+ years of experience with vulnerability management tools and processes


Post date: Today
Publisher: Bayt
Post date: Today
Publisher: Bayt