Description:
Kinetic IT are currently looking for an OSCP certified Penetration Tester with an expert understanding across cyber security and ethical hacking. In this role, you’ll be involved in Pen Test engagements with external customers. A start-up mentality is important for a culture fit! Finding satisfaction in growing a developing security practice and having a strong business mind are essential soft skills for this role. In return, you'll experience a rewarding work environment, career development opportunities and flexible working arrangements.
Here are some of the skills and experience that we are looking for:
- Network and system security: understanding of common security protocols, firewalls, and security technologies.
- Ethical hacking: ability to use the same tools and techniques as malicious hackers to identify vulnerabilities in systems.
- Scripting and programming: knowledge of at least one scripting or programming language to automate tasks and write custom tools.
- Web application security: understanding of web application architecture and the OWASP Top 10 vulnerabilities.
- Database security: knowledge of SQL injection, database architecture, and data protection methods.
- Operating systems: familiarity with different operating systems and their security features.
- Compliance and regulations: knowledge of security regulations and standards such as PCI-DSS, HIPAA, and NIST.
- Report writing and communication: ability to clearly communicate findings and recommendations to technical and non-technical stakeholders.
- Continuous learning: ability to stay up to date with the latest security trends, techniques, and tools.
- We are seeking people with some experience of performing penetration tests and with the writing and publication of test reports.
- Ideally candidates will also have experience of phishing assessments, red and purple team engagements.
Tools and platforms:
- Vulnerability scanning tools: such as Nessus, OpenVAS, and Qualys
- Exploitation tools: such as Metasploit, CANVAS, and Core Impact
- Network analysis tools: such as Wireshark, tcpdump, and Nmap
- Web application testing tools: such as OWASP ZAP, Burp Suite, and AppScan
- Password cracking tools: such as John the Ripper, Hashcat, and Aircrack-ng
- Mobile security testing tools: such as OWASP MobiSec and drozer
- Cloud security platforms: such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP)
- Operating systems: such as Windows, Linux, and macOS
- Databases: such as MySQL, PostgreSQL, and Oracle
- Firewalls and intrusion detection/prevention systems (IDS/IPS): such as Cisco ASA, Check Point, and Snort