Senior Ethical Hacker
- As a member of a young and dynamic team you can collect professional experience at multiple clients in different industries
- Penetration testing of infrastructure and development of scalable test strategies
- Development of security tools automating complex tasks
- Vulnerability research on systems, including exotic ones
- Take a hands-on role in building security solutions and improving existing ones
- Excellent opportunity for personal development with regular training courses
- Opportunity to attend conferences, certifications, technical workshops, trainings and meetups
- Competitive salary and benefits
- Work as a member of the Cyber Security team on penetration testing projects
- Perform penetration tests, ethical hacking, system vulnerability tests and IT security risk assessments
- Take part in many IT security and advisory projects, visiting many different companies, and working with many various IT systems
- Duties will also include providing infrastructure and application vulnerability assessment and penetration testing services, as well as identifying weaknesses and vulnerabilities within the system and proposing countermeasures
- Typical assignments will involve testing of the overall security of critical infrastructure components and applications to ensure they comply with security architecture best practices, and industry standards
- Scanning and discovering rouge hosts, networks, and devices; and scanning and discovering vulnerable systems and applications are also part of the job
- The candidate will be expected to act as a subject matter expert in offensive information security including databases, networking, operating systems, applications, and programming
- Conducting vulnerability assessments and penetration testing (application and/or infrastructure) and articulating security issues to technical and non-technical audience (3+ years)
- Identifying, researching, validating, and exploiting various different known and unknown security vulnerabilities on server and client side
- Knowledge of attack vectors, threat tactics and attacker techniques
- Familiarity with common toolkits used in penetration testing
- Knowledge of vulnerability Assessment tools, e.g. Nessus, Qualys, etc.
- Knowledge of exploitation frameworks, e.g. Metasploit
- Deep understanding of OSI model
- Knowledge of security devices, e.g. Firewalls, VPN, AAA systems
- Knowledge of OS Security, e.g. Unix, Linux, Windows, Cisco, etc.
- Experience in systems engineering with Linux systems (2+ years)
- Understanding of common protocols, e.g. LDAP, SMTP, DNS, Routing Protocols
- Knowledge of web application infrastructure, e.g. Application Servers, Web Servers, Databases
- Knowledge of web development and programming languages i.e. Python, Perl, Ruby, Java, and/or .Net (2+ years)
- Reporting information security vulnerabilities to businesses
- Fluent written and spoken English and Hungarian
- Innovative thinker and problem-solver
- Hands-on MS Office skills
- Outstanding analytical and interpersonal skills
- Ability and willingness to learn and deliver in a challenging environment
- Client oriented thinking
- Industry-accredited security certifications will be required (the candidate must have or be willing to obtain all of the following certifications – OSCP, OSWE, OSWP, eMAPT, GIAC GPEN, GWAPT, GXPN, GMOB and CEH). Knowledge of tools and processes used to expose known and undocumented vulnerabilities in various different systems.
Measures for the duration of the coronavirus:
We recommend Home Office (work from home) for our colleagues, for this we provide a laptop and mobile phone.
Basically, all of our employees work from home and are only able to come to the office or go to the client if it is absolutely necessary and discussed with the manager. If someone still need an office presence, we provide the protective equipment (gloves, masks, hand sanitizer).
To protect our health, all interviews are conducted through a Digital Device (video interview), for this we provide information and assistance to the candidates. Only for the entry process the personal presence is required, than everything will be online. The starting date can be different based on the positions and departments, regarding this we can provide more information during the selection process.