Lead Penetration Test Engineer / Threat Analyst (m/f/d)
Experience:
5+ years
English:
Upper-Intermediate
Location:
Ukraine, Poland, Bulgaria
Infopulse, Part of TietoEvry Create, welcomes a talented professional to join our Security team as a Lead Penetration Test Engineer / Threat Analyst. We are looking for an experienced and responsible professional to be part of our expert team.
Areas of Responsibility
- Performing assessment of overall customer security level and suggest improvements
- Threat modelling
- Performing penetration testing, vulnerability scanning, secure code reviews
- Full scope of penetration testing activities like: WEB applications, desktop applications, infrastructure, mobile applications (iOS, Android), IoT and embedded systems testing
- Secure development life cycle assessment and improvements
- Providing L3 engineer support to the SOC team for complex security incidents, such as ATP
- Managing internal or external human resources for complex projects
- Documentation of internal methodology, procedures, and operations enhancement
- Mentoring and knowledge sharing with team-mates
Qualifications
- 5+ years of progressive experience in IT security
- Good understanding of computer networks, clouds, security solutions and processes
- Well-developed administrative skills in OS (Windows and Linux), docker and cloud environments administration including understanding of and experience in security aspects
- Understanding common security risks for IT infrastructure and it’s components
- Thorough knowledge of common vulnerabilities (e.g., infrastructure, WEB, network, IOT)
- Understanding of common types of WEB security attacks (DNS cache poisoning, ARP spoofing, DDoS, XSS, CSRF, SQL Injection, etc.)
- Deep understanding of MITRE-stack
- Understanding of threat modelling methodologies (CAPEC, STRIDE, Attack Tree)
- Knowledge of the international standards and best practices: OSSTMM, NIST, OSSEC, PTES, MS Ent Cloud Red Teaming
- Strong programming skills in web-related languages including security aspects and best practices
- Experience with C, Java, C# and other related languages
- Strong cybersecurity analysis and situational awareness skills
- Experience in security incidents detection and investigation
- English: upper-intermediate
Will be an advantage
- Professional security certifications (e.g., CEH, CISSP, CISM, CISA, OSCP/OSCE)
- Experience of malware engineering and reverse engineering
- Low-level programing skills
Personal skills
- Proactive, result-oriented person, who is able to work individually and in a team