Company Overview

Our company is at the forefront of cybersecurity innovation, dedicated to protecting digital landscapes through cutting-edge research and development. We value expertise and initiative from our cybersecurity professionals who are keen on tackling challenging and diverse projects.

Job Overview

We are seeking an experienced Cybersecurity Penetration Tester R&D to join our team. The role involves engaging deeply with product owners from initial kickoff to the completion of penetration testing, ensuring adherence to scope and deadlines. The ideal candidate should possess 3+ years of specialized experience in web and thick client application penetration testing, along with strong communication skills to effectively convey technical insights.

Qualifications and Skills

• Must have OSCP certification.
• Must have experience in Thick client application testing.
• Expertise in using tools such as Nmap, Wireshark, Burp Suite, OWASP Zap, Echo Mirage, and operating systems like Kali Linux.
• Proficiency in dynamic analysis and reverse engineering of thick client applications.
• Strong communication skills for creating detailed PoCs and reports for varied stakeholders.
• Up-to-date knowledge of the latest exploits and security trends.
• Knowledge of programming languages such as C, C++, Java, .Net.
• Practical pen-test certification, e.g., OSCP, OSWE, CREST CRT, CTRE.
• Understanding of networking principles along with Windows and Linux OS.
• Familiarity with OWASP, NIST, MITRE CWE, CVSS, etc.
• Ability to quickly learn and adapt to new challenges.
• Desirable but not mandatory: experience in testing Android and iOS mobile applications.

Roles and Responsibilities

• Lead and manage penetration testing engagements from initial meeting to final report.
• Collaborate with product teams to promote security awareness and training.
• Develop exploits through dynamic analysis and reverse engineering.
• Prepare comprehensive reports that convey technical findings to both technical and non-technical audiences.
• Maintain an adaptive approach to new and evolving cybersecurity threats and methods.