Penetration Tester - Brussels, België - Vector Synergy

Vector Synergy

Geverifieerd bedrijf

Brussels, België

3 weken geleden

Geplaatst door:

Sophie Dubois

beBee Recruiter

Beschrijving

Location:

Brussels, Belgium

Security Clearance:

EU Restricted

Introduction:

This service involves a sound preparation to scope the penetration test and to agree on the rules of engagement with the relevant system's stakeholders.

It encompasses the set of standards, processes, tools, technology, and skilled staff.

Skills, knowledge, experience required:

Minimum 5 years' experience in execution of penetration tests, including:
Network penetration testing;
MS Windows penetration testing;
Minimum 3 years' experience in:
Scoping and planning of penetration tests;
Vulnerability assessment;
Unix/Linux penetration testing;
C+/C++ programming;
Python programming;
Minimum 2 years' experience in security assessments and audits;
Minimum 1 year of experience in:
Exploit development;
Wi-Fi penetration testing;
At least 1 certification among the following:
GPEN (GIAC Certified Penetration Tester);
GWAPT (GIAC Certified Web Application Penetration Tester);
CEH (EC-Council Certified Penetration Tester);
At least 1 certification among the following:
GXPN (GIAC Exploit Researcher and Advanced Penetration Tester);
GAWN (GIAC Certified Assessing and Auditing Wireless Networks);
LPT (EC-Council Licensed Penetration Tester);
GMOB (GIAC Mobile Device Security Analyst);
GCIH (GIAC Certified Incident Handler);
GCED (GIAC Certified Entreprise Defender);
Minimum 5 years' experience with:
Networking (TCP/IP, SNMP, DNS, Syslog-ng, etc.);
Nmap;
Nessus;
Wireshark;
Metasploit;
John the Ripper;
Ophcrack;
MS Windows;
MS Windows Sysinternals toolkit;
Minimum 3 years' experience with:
Open Web Application Security Project (OWASP) standards;
Kali Linux;
OpenVAS;
Cain and Abel;
Ettercap;
JavaScript;
Minimum 2 years' experience with:
Scapy;
Mimikatz;
IDA Pro;
MS WinDbg;
PHP;

- x86/64 assembly;

Minimum 1 year of experience with:
Core Impact;
Kismet;
Aircrackng;
Incognito;
Samurai Web Testing Framework;
Burp Suite;

- sqlmap;

Browser Exploitation Framework (BeEF);
JAD.

Desirable:

Minimum 3 years' experience with:
PRINCE2, PMI or an equivalent project management methodology;
At least 1 of the following risk assessment methodologies:
EBIOS;
CRAMM;
PILAR;
MS Project or an equivalent tool;
Minimum 2 years' experience in mobile penetration testing;
Minimum 1 year of experience with:
SSLStrip;
Zed Attack Proxy (ZAP);
Android Debug/Android Emulator.

Duties/role:

Establishing a clear scope for the penetration test based on specific and measurable rules of engagement;
Preparing, planning, and coordinating execution of the tests;
Scanning and probing targets;
Determining the feasibility of a particular set of attack vectors;
Attacking and exploiting targets in line with the rules of engagement with the aim of proving the true feasibility of one or several killing chains;
Identifying higherrisk vulnerabilities that result from a combination of lowerrisk vulnerabilities exploited in a particular sequence;
Assessing the magnitude of potential business and operational impacts of successful attacks;
Testing the ability of network defenders to successfully detect and respond to the attacks;
Performing risk, impact, and damage assessments;
Providing intermediate reports on regular basis;
Providing recommendations such as mitigating the identified exploitable vulnerabilities;
Drafting penetration testing reports tailored for management and technical peers;
Performing maintenance and continuous improvement of the penetration testing toolkit;
Interfacing with other experts;
Performing technology watch;
Contributing to awareness trainings.

VECTOR SYNERGY sp. z o.o., ul.

Marcelińska 90, Poznań, NIP PL , REGON , KRS:

Rejestr Przedsiębiorców KRS prowadzony przez Sąd Rejonowy Poznań - Nowe Miasto i Wilda w Poznaniu, VIII Wydział Gospodarczy KRS,