The candidate will be part of excellent national/international activities. It will be able to follow some of the most important Cyber Activity for the major companies in the Automotive, Industrial, Oil, Telco, Media, Products sectors and important national research projects.
- Executing Security Assessments on application/network/OT/embedded device to identifying vulnerabilities and exploiting them
- Conducting security research and devising new attack techniques against novel technologies
- Developing custom exploit to assist in compromising the target system
- Analyzing, disassembling, reverse engineering and exploiting a large number of heterogeneous systems
- Solving challenging technical problems and devising creative solutions
- Running in-depth analysis of test results and creating reports that describes findings, exploitation procedures, risks and recommendations
- Taking part in R&D activities to support and innovate Penetration Testing
Knowledge And Skills
- 2+ years' experience
- Penetration testing (Network, Web, Mobile Application)
- Security Assessment (Embedded System, SCADA and ICS) (preferred but not required)
- Good ability to write technical documents
- Operating Systems (Linux, Unix, Windows, iOS, Android)
- Security principles, techniques and technologies (OWASP, NIST, OSSTMM)
- Identification, analysis and exploiting of vulnerabilities
- Vulnerabilities research and bug hunting experience (preferred but not required)
- Security tools and Standard security products (Nessus, Burp Suite, Acunetix WVS, Owasp ZAP, Wireshark, Metasploit, etc.)
- Mobile Application Reverse Engineering
- Exploit Development (preferred but not required)
- Experience with firmware extraction techniques, memory access attacks, firmware upgrade attacks, and using hardware debugging interfaces such as JTAG, UART, SPI, I2C, USB, and NAND flash chip reader (preferred but not required)
- Coding / Programming (e.g. Assembly, C, C#, C++, Java)
- Master Degree in Computer, Electronics, or Telecommunication Engineering.
- A strong academic background with specialization in cyber security is mandatory.