Information Security Specialist - Penetration Tester

Job Responsibilities:

• Conduct Penetration Tests: Perform thorough and methodical penetration testing on web applications, network infrastructures, and other systems to identify security vulnerabilities.

• Vulnerability Assessment: Assess and analyze security weaknesses and provide actionable recommendations to mitigate risks and improve overall security posture.

• Report Findings: Document and communicate findings clearly and effectively to both technical and non-technical stakeholders. Prepare comprehensive reports with recommendations for remediation.

• Develop and Execute Test Plans: Design and execute detailed test plans

• Stay Current: Keep up-to-date with the latest security trends, vulnerabilities, and tools to ensure testing methodologies are current and effective.

• Collaborate with Teams: Work closely with IT and development teams to understand system architectures, provide guidance on security best practices, and support the implementation of security improvements.

• Perform Risk Assessments: Evaluate and assess potential security risks related to new and existing systems and technologies.

• Compliance: Ensure that penetration testing practices comply with relevant regulations, standards, and organizational policies.

Job Requirements:

• University degree

• Information security certification / accreditation an asset

• 7+ years of relevant experience

• Technical Skills:

  • Proficiency in penetration testing tools such as Metasploit, Burp Suite, Kali Linux, Nmap etc.

  • Knowledge of common web application vulnerabilities (e.g., OWASP Top Ten) and network security principles.

• Analytical Skills: Strong analytical and problem-solving abilities with attention to detail.

• Communication: Excellent verbal and written communication skills, with the ability to convey complex technical concepts to non-technical stakeholders.

• Ethical Standards: Demonstrated understanding of ethical hacking principles and a commitment to maintaining high ethical standards.

Preferred Qualifications:

• Experience with penetration testing in cloud environments (e.g., AWS, Azure) and PCI testing.

• Familiarity with security standards and frameworks

• Certifications: Relevant certifications such as Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), or GIAC Penetration Tester (GPEN) are highly desirable.