Information Security Penetration Tester

JOB TITLE: Information Security Penetration Tester

JOB DESCRIPTION: Full-time employee conducting security vulnerability assessment and penetration testing on servers, web applications, web services, databases, and network devices, to identify vulnerabilities, misconfigurations, and compliance issues.

RESPONSIBILITIES:
• Perform vulnerability assessment and penetration testing to identify security weaknesses in servers, web applications, web services, databases, and network devices (switches, routers, firewalls, Wireless APs).
• Perform code reviews manually and by utilizing Static, and Dynamic Code Analysis tools.
• Document findings and remediation recommendations in a written report.
• Collaborate with the IT and IS teams to ensure timely remediation of identified vulnerabilities.
• Support internal developers in their SDLC and provide guidance regarding mitigations to emerging threats.
• Manage Web Application Firewall (WAF) solution, and create required WAF policies to protect existing applications.
• Providing after-hours and weekend support whenever required.
• Staying up to date with the latest cybersecurity threats and vulnerabilities.
• Ability to obtain the required security certifications as required as a part of job duties and business requirements.
• Read, understand, enforce, and adhere to the information security policies, standards, and procedures, and do not hinder in any way the proper execution of procedures defined within.
• Understand and abide by our non-disclosure and confidentiality agreements, and rules of behavior policy.

QUALIFICATIONS:
• Bachelor’s Degree in computer science, cyber security, or related fields.
• 3 years of experience in conducting vulnerability assessment and penetration testing on web/mobile applications and services, network, and computer systems.
• Development experience, such as in C#, C++, Python, or Java.
• Experience with Linux and Windows operating systems.
• Knowledge of secure coding practices/frameworks such as OWASP and/or SANS.
• Experience with security testing tools such as Burp Suite, OWASP ZAP, Kali Linux, Nmap, Metasploit, etc.
• Familiarity with common attack techniques, such as SQL injection, XSS, CSRF, etc.
• Demonstrated experience collaborating with cross-functional teams and peers on findings and remediation recommendations.
• Self-motivated and quick learner.
• Excellent communication skills both verbal and written.
• Ability to multitask, and learn new technologies in a fast-paced energized environment.
• Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), or Certified Ethical Hacker (CEH) level certifications strongly desired.

LOCATION: AsiaPay HQ, located in Sulaymaniyah City