Middle Penetration Tester in IT SPECIALIST, TOV

We are a stable and constantly growing company with more than 90 certified IT specialists who are happy to collaborate and share their experience. You will have the opportunity to develop both horizontally and vertically, working on interesting projects and solving complex tasks.

Our clients are leading companies that trust us with the security of their digital environment.

IT Specialist has partnership agreements with leading manufacturers of software and hardware solutions, such as IBM, Check Point, Cisco , Symantec, Intersystems, Dynatrace, Qualys, etc. We are constantly developing our partner portfolio and the level of competence of our team to make the world safer.

Tasks to be solved:

• Performance of penetration testing and security assessment of systems, networks and applications ;
• Search, analysis, exploitation and assessment of vulnerabilities;
• Generation of reports on the results of the conducted testing with recommendations on the elimination of identified vulnerabilities;
• Conducting presentations and consultations to teams from the customer's side based on the results of the conducted project;
• Participation in the development and improvement of penetration testing methodology;
• Continuous training and study of new technologies and methods in the field of cyber security;
• Interaction with defense teams (SOC) within the framework of Purple Team activity, involvement in foresics projects.

Expectations from the candidate:

• At least 2 years of work experience in the field of information security, the availability of commercial experience in the search for and exploitation of vulnerabilities;
• Knowledge and understanding of the main concepts of information security, including the main types of vulnerabilities, their causes and methods of exploitation, methods and approaches to their elimination and mitigation;
• Experience with penetration testing tools such as Kali Linux, Metasploit, Burp Suite, nmap, Wireshark, Nexpose, Nessus, Bloodhound, SQLmap, etc;
• In-depth understanding of various network protocols and operating systems. Skills in conducting penetration testing with Windows and Linux systems;
• Knowledge of penetration testing methodologies. - Understanding of OWASP and Miter ATT&CK, ability to assess vulnerabilities according to CVSS;
• The ability to conductintelligence OSINT, skills in using information resources and vulnerability databases such as Miter CVE, Exploit-db, ability to work with search engines such as Shodan and ZoomEye;
• Ability to succinctly and meaningfully describe the vulnerabilities found, the method of their exploitation and measures to eliminate and mitigate them;
• Proficiency in English at a sufficient level to read and understand technical documentation and write reports;
• Availability of certifications in the field of Offensive Security confirming the level of qualifications (eWPT, eMAPT, eCPPT, Pentest+, CEH, HTB CPTS, PNPT, OSCP, OSWE, etc.) or readiness to obtain them;
• The most important thing: a sincere desire to develop as a specialist in the field of penetration testing, a thirst for continuous learning, learning and trying new things.

Would be an advantage:

• Experience working in a security team at an enterprise or consulting company;
• Experience in penetration testing, participation in Bug Bounty programs;
• Report writing experience;
• Ability to program in one or more languages ​​(Python, JavaScript, C/C++, Ruby);
• Knowledge of the requirements of the PCI DSS standard and the features of penetration testing in accordance with its requirements;
• Availability of specialized higher education.

We offer:

• Comfortable office of the Sigma business center with reliable underground shelter and the availability of uninterrupted Internet, water supply and power supply;
• Health insurance, after the trial period;
• 22 working days of paid vacation per year and paid sick leave;
• All equipment necessary for work;
• Friendly team and open management;
• Learning and mentoring;
• Opportunities for development, both personal and professional.

Interview process: Call with the recruiter ---- interview with the team ---- final interview -- -- offer

Join our friendly IT team!