Penetration Tester (Pentester)
เกี่ยวกับตำแหน่งนี้
The Penetration Tester will be responsible for conducting vulnerability assessments and penetration testing on internal and external systems, requiring deep technical expertise and hands-on experience in exploiting vulnerabilities and reporting findings.
หน้าที่รับผิดชอบ
• Conduct penetration testing on web applications, network infrastructure, and APIs to identify security vulnerabilities.
• Perform vulnerability assessments using both manual and automated techniques.
• Exploit identified vulnerabilities in a controlled and safe manner, documenting the methods and outcomes.
• Prepare detailed technical reports and executive summaries that outline vulnerabilities, risks, and recommendations for remediation.
• Collaborate with the IT and development teams to ensure that security issues are addressed and mitigated in a timely manner.
• Conduct follow-up testing to verify that vulnerabilities have been properly fixed.
• Stay updated on the latest security threats, vulnerabilities, and industry trends.
• Assist in creating security awareness and providing recommendations for improving overall security posture.
• Utilize a variety of tools, such as Metasploit, Burp Suite, Nmap, Wireshark, and other penetration testing tools.
• Ensure compliance with industry standards and regulations, including PCI-DSS, GDPR, and ISO 27001.
• Participate in red team/blue team exercises and other security initiatives as required.
คุณสมบัติ
• Bachelor’s degree in Computer Science, Information Security, or a related field.
• Proven experience in penetration testing, ethical hacking, and vulnerability assessments.
• Proficiency in using penetration testing tools such as Metasploit, Burp Suite, Nmap, Nessus, Wireshark, etc.
• Strong understanding of web application security and common vulnerabilities (OWASP Top 10).
• Knowledge of network security principles, protocols, and technologies (e.g., firewalls, IDS/IPS).
• Experience with scripting and automation (Python, Bash, PowerShell) is highly desirable.
• Familiarity with exploit development, reverse engineering, and malware analysis.
• Strong understanding of encryption, authentication mechanisms, and secure communication protocols.
• Ability to write clear, concise reports, summarizing technical details for both technical and non-technical stakeholders.
• Relevant certifications such as OSCP, CEH, GPEN, or similar are a plus.
• Strong analytical and problem-solving skills, with the ability to think creatively to uncover potential threats.
• Experience in the payment or financial services.