A pentester at SeQurance should have a solid understanding in both computer science and information security. They should be able to learn advanced concepts like application manipulation, exploit development, and stealthy operations in addition to understanding fundamental concepts like networking, applications, and operating system functionality. This is not a “press the ‘hack’ button’ kind of job; it’s a technical and difficult career with opportunities to work in some of the most exciting security consulting areas on very technical and difficult work. A typical job might involve sneaking into a segmented secure area at a Fortune 500 bank, deciphering an application, and decrypting data using a reverse engineering technique without being seen.

You’ll encounter opportunities for both practical testing and complex problem solving every day. Through thorough and real-world scenario testing, we assist our clients in protecting their most sensitive and valuable data. Gaining “domain admin” or “root” is just the beginning; the goal doesn’t stop there. This is expected. Since you will frequently encounter new client environments on a weekly or monthly basis, it is expected of you to quickly assimilate new information. You will be expected to comprehend and accurately assess each environment’s threat vectors.

Responsibilities:

Test web and mobile applications, perform threat analysis, review source code, evaluate wireless networks, and conduct social engineering assessments.
For technical and executive audiences, create thorough and accurate reports and presentations.
Recognize and use attacker tools, tactics, and procedures in a safe manner. Effectively communicate findings and strategy to client stakeholders, including technical staff, executive leadership, and legal counsel. Create methodologies, tools, or scripts to improve SeQurance procedures and help with defining the scope of potential engagements, managing engagements from start to finish, and coaching less experienced staff

Requirements:

• At least seven to ten years’ experience,
• A minimum of OSCP and OSCE
• A great understanding of network penetration testing and network infrastructure manipulation/evasion techniques
• Social engineering skills via email, phone, or in person.
• Developing, extending, or modifying exploits written in various programming languages.
• A great understanding of Deep Source Code review
• Strong knowledge of wireless, web application and network security testing
• A deep understanding of Linux, and Windows.
• Reverse engineering skills of malware, data obfuscators or ciphers.