Cybersecurity Technical Auditor / Penetration Tester Expert - Application Security
Your role in Atos - Job Description
The Cybersecurity Technical Auditor / Penetration Tester Expert role is a strongly technical position that supports the various on-site or remote information security and cybersecurity technical audits, including the penetration testing part, of customer on-premise or cloud application environments. The Cybersecurity Technical Auditor works alone or together with Atos or customer teams: Cybersecurity Network or Infrastructure Security Technical Auditors / Penetration Testers, IT&N architects, development teams, security incident response and security monitoring teams.
As a Cybersecurity Technical Auditor / Penetration Tester Expert you are a member of an ambitious international team that works in a strategic growth area for the best organizations in the sectors of Financial Services; Manufacturing, Retail & Transport; Public & Health; Telecommunication, Media and Utilities. Together you will distinguish yourselves through commitment and through the quality of your audits and recommendations. As a member of a global team you operate independently or in collaboration with other entities and regions within Consulting or Atos itself. You will work both on large and on dedicated application-domain audit and compliance projects regarding ISO 27001, NIST, NIS Directive, ISF, OWASP, PCI-DSS, PTES and other industry-standard-specific audits, based on your IT technical knowledge.
You understand and carry out the technical aspects of various cybersecurity or GRC audits, with elements of post-incident analysis or forensics, technical failure investigations etc. While conducting audits you use various pen-tester supporting software or tools, depending on the application technology. You are familiar with the importance of data security and are knowledgeable about the IT operations and security risk side of these activities.
What Are We Looking For / Essential skills and competencies:
•Experience working in the role of technical security auditor or penetration tester, preferably supported by personal or company references from customers
•Practical experience in the field of IT/Information Security is required.
•Experience working in Financial Services; Manufacturing, Retail & Transport; Public & Health; Telecommunication, Media and Utilities
•Master's or bachelor's degree in relevant areas (technical, IT studies preferred)
•Several (the more the better) of the below security certifications related to security penetration testing:
  - OSCP (Offensive Security Certified Professional)
  - OSCE (Offensive Security Certified Expert)
  - GXPN (GIAC Exploit Researcher and Advanced Penetration Tester)
  - CISSP (Certified Information Systems Security Professional)
  - CISA (Certified Information Systems Auditor)
  - eWPT (eLearnSecurity Web Application Penetration Tester)
  - eMAPT (eLearnSecurity Mobile Application Penetration Tester)
  - OSWP (Offensive Security Wireless Professional)
  - CEH (EC-Council Certified Ethical Hacker)
  - CCLO (Cellebrite Certified Logical Operator)
  - CCPA (Cellebrite Certified Physical Analyst)
  - XWF (X-Ways Forensics)
•Other security certifications such as SANS GSEC, ECSA, ECSP, OSCP, CompTIA Security+ or an equivalent certification are a plus
•Number and list of application vulnerabilities disclosed within non-profit activities (e.g. Bug Bounty, Capture The Flag etc.) and reported to institutions, including zero-day vulnerabilities. Placement on a Hall of Fame list is an additional asset.
•Key competencies include (these could be complementary to those of other team members):
  - Red teaming (network attacks, social engineering tests, phishing campaigns) experience
  - Blue teaming experience (internal security team that defends against both real attackers and Red Teams)
  - Purple teaming experience (groups that exist to ensure and maximize the effectiveness of the Red and Blue teams)
  - Penetration testing experience:
    - Web applications (WWW), web services, e.g. SOAP
    - Network infrastructure, Wi-Fi
    - Mobile devices (tablets, phones), mobile applications (Android, iOS)
    - "Fat client" applications
    - SCADA systems, industrial automation (IoT, Operational Technology)
    - Source code audit
  - Incident Response analysis and post-incident analysis
  - Cyber Threat Intelligence (CTI)
  - SIEM, log management and analysis (quantitative and qualitative)
    - Splunk and ArcSight, McAfee SIEM, etc.
  - Security scenario design
  - Threat modelling for systems and applications
•Practical knowledge of the penetration testing framework and tools listed at: http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
•Practical knowledge of other methodologies: OWASP, PTES, PCI DSS.
•Practical knowledge of several dedicated tools: Shodan, Recon-ng, dig, DMitry, theHarvester, Metagoofil, Fierce2, Qualys, nmap, CANVAS, Metasploit, Core Impact, Gleg's Agora SCADA+ Pack, Social Engineering Toolkit (SET), Common User Password List (CUPP), Hashcat, OWASP ZAP, nmap NSE, OpenVAS, sqlmap, nikto2, w3af, SNMP Walk, JBroFuzz or wpscan, nmap, dirbuster, ike-scan, Unicornscan, p0f, xprobe, etc.
•Criminal record clearance.
•Expert witness experience is an additional asset.
•Excellent customer service and communication (oral / written) skills required.
•Must be able to work independently or with a team, under minimum supervision, reporting to Project Manager of given assignment or Line Manager.
•Fluent English is a must; intermediate or fluent German or French is a great plus
•International mobility to serve and work with our global clients (50-100%) in Europe or on other continents. You must be ready to travel up to 80-100% (60% on average); depending on the assignment there are also remote projects, mainly in Europe, but other continents are also possible.
•EU work permit is a must, US visa is a plus
•UK Security Clearance or UK citizenship is a big plus
•Location - anywhere in Poland, likely to be close to a city with an international airport.