Context:
The candidate will be part of excellent national/international activities. It will be able to follow some of the most important Cyber Activity for the major companies in the Automotive, Industrial, Oil, Telco, Media, Products sectors and important national research projects.
Main Responsibilities:
- Executing Security Assessments on application/network/OT/embedded device to identifying vulnerabilities and exploiting them
- Conducting security research and devising new attack techniques against novel technologies
- Developing custom exploit to assist in compromising the target system
- Analyzing, disassembling, reverse engineering and exploiting a large number of heterogeneous systems
- Solving challenging technical problems and devising creative solutions
- Running in-depth analysis of test results and creating reports that describes findings, exploitation procedures, risks and recommendations
- Taking part in R&D activities to support and innovate Penetration Testing
Technical Requirements:
Knowledge And Skills
- 2+ years' experience
- Penetration testing (Network, Web, Mobile Application)
- Security Assessment (Embedded System, SCADA and ICS) (preferred but not required)
- Good ability to write technical documents
- Operating Systems (Linux, Unix, Windows, iOS, Android)
- Security principles, techniques and technologies (OWASP, NIST, OSSTMM)
- Identification, analysis and exploiting of vulnerabilities
- Vulnerabilities research and bug hunting experience (preferred but not required)
- Security tools and Standard security products (Nessus, Burp Suite, Acunetix WVS, Owasp ZAP, Wireshark, Metasploit, etc.)
- Mobile Application Reverse Engineering
- Exploit Development (preferred but not required)
- Coding / Programming (e.g. Assembly, C, C#, C++, Java)
- Scripting languages (e.g. JavaScript, BASH, Python, PHP)
- Knowledge of the ISO 27001 standard on information security management systems
Education:
- Master Degree in Computer, Electronics, or Telecommunication Engineering.
- A strong academic background with specialization in cyber security is mandatory.