Upscale Sdn Bhd
Petaling Jaya, Kuala Lumpur
Created Wed, 16 Aug 2023
Penetration testers need to have excellent computer skills and familiarity with computer hardware and computer network equipment, as well as computer programming skills. These skills are also needed to help them effectively identify vulnerabilities and determine how to correct security issues.
- In-depth knowledge of TCP/IP networking and application protocols concepts.
- Understanding of software exploitation and common vulnerabilities.
- Understanding of port scanning, vulnerability assessment and fuzzing tools.
- Knowledge of protocols associated with web technologies.
- Understanding of OWASP Top 10 and SANS 25 vulnerabilities and their mitigations.
- Knowledge about security testing of mobile apps and related APIs.
- Proficient with one of the scripting languages (e.g., Python).
- Knowledge of cryptographic and security protocols.
- Understanding of penetrating testing tools like Metasploit; able to write auxiliary modules and code exploits.
- Knowledge on hardware exploitation techniques (e.g., firmware reverse engineering).
- Conduct highly complex offensive security testing consistent with known adversary tactics techniques and procedures and contribute to the development of objectives and approaches taken to remediate risk.
- Documentation of security issues and impacts identified through offensive security testing in a clear and concise manner to facilitate reporting to impacted stakeholders/organizations.
- Provide guidance and recommendations to stakeholders responsible for security remediation actions to close identified gaps, remediation validation testing and to reduce to the risk to an accepted minimal level.
- Consult with defensive operations teams on adversary tactics to guide and mature cyber defensive countermeasures
- Independently handle complex issues with minimal supervision, while escalating only the most complex issues to appropriate staff
- Assist in scoping and executing prospective engagements
- Understand and safely use various open-source penetration testing tools and when appropriate, emulating hacker tactics, techniques, procedures
- Develop comprehensive and accurate reports and presentations for various consumers of penetration testing results
- While in-between assessments, you will be expected to improve any existing processes, develop tools, and potentially find new clients and perspective hire.
- Develop scripts, tools, or methodologies to enhance MSIs penetration testing processes
- Bachelor's degree, preferably in computer science or information systems, or equivalent work experience
- Capable with Penetration Testing tools like Burp Suite, Fortify, Metasploit, Wireshark and Kali Linux
- Minimum 1 year of industry experience.
- Capable with OWASP Top 10 security vulnerabilities
- Added advantage if acquire certifications such as OSCP, CREST CPSA, GWAPT, GPEN, and others.