The IT and Telecom Penetration Testing Expert specializes in vulnerability assessment and penetration testing of both IT and Telecom systems, and is also responsible for the design and performance of application security robustness tests.
- Operate a hands-on role involving penetration testing and vulnerability assessment activities of complex applications, operating systems, wired and wireless networks, and mobile applications/devices and Telecom nodes.
- Develop and maintain security testing plans.
- Automate penetration and other security testing on networks, systems and applications.
- Develop meaningful metrics to reflect the true posture of the environment allowing the organization to make educated decisions based on risks.
- Produce actionable, threat-based reports on security testing results.
- Act as a source of direction, training, and guidance for less experienced staff, and mentor and coach other IT security staff to support their growth.
- Consult with application developers, systems administrators, and management to demonstrate security testing results, explain the threat presented by the results, and consult on remediations.
- Communicate security issues to a wide variety of internal and external “customers”, including technical teams, executives, risk groups, vendors and regulators.
- Deliver the annual penetration testing schedule and conduct awareness campaigns to ensure proper budgeting by business lines for annual tests.
- Foster and maintain relationships with key stakeholders and business partners.
- Perform penetration tests on computer systems, networks, and applications.
- Perform penetration tests on Telecom Nodes (2G/3G/4G).
- Perform physical security assessments of systems, servers and other network devices to identify areas that require physical protection.
- Threat modelling and exposure assessment.
- Search for weaknesses in common software, web applications and proprietary systems.
- Research, evaluate, document and discuss findings with IT teams and management.
- Review and provide feedback for information security fixes.
- Establish improvements for existing security services, including hardware, software, policies and procedures.
- Identify areas where improvement is needed in security education and awareness for users.
- Auditing Telecom core network nodes.
- Pen-testing experience in large enterprises, telcos and ISPs.
- Experience with security assessment tools (such as Aircrack-ng, Burp Suite, SQLmap) and security frameworks (such as NIST, SOX, HIPAA).
- Experience in testing telecom nodes and protocols (SS7, GTP, Diameter, SIGTRAN, etc.).
- In-depth knowledge of application development processes and at least one programming or scripting language (e.g., Java, Scala, C#, Ruby, Perl, Python, PowerShell).
- Hands-on experience with testing frameworks such as the PTES and OWASP.
- Applicable knowledge of Windows client/server, Unix/Linux systems, Mac OS X, VMware/Xen, and cloud technologies such as AWS, Azure, or Google Cloud.
- Hands-on experience with the development of a telecom vulnerability scanning product and telecom stack development.
- GPEN, OSCP, OSCE or similar certifications.
- English (required)
- Kurdish (required)
- Arabic (preferred)