Penetration Tester (m/f/d) - Fulltime
Who we are
DIESEC™, a brand of Dietzel & Company GmbH, provides competent consultancy on governance, compliance, risk management and structured implementation of IT security.
The complexity, requirements and tasks are constantly increasing. Therefore, we are looking for new team players (m/f/d).
Overview
As Penetration Tester (m/f/d) you will contribute to our cybersecurity program. You will be involved in exciting projects in our company and our worldwide business network. You should possess a strong background in cybersecurity operations, the evolving threat landscape, as well as a clear understanding of its relevance to cybersecurity services. In addition to professional and communication skills, social skills are very important for us.
Tasks
- Operation of vulnerability scanner tools, including network scanners and vulnerability scanners.
- Manual verification of vulnerability scanner results (OS, Middleware and Web Application Issues), false positive analysis and exploitation.
- Penetration test documentation and report generation.
- Plan, lead and support stakeholders in remediation of vulnerabilities.
- Act as an escalation point of contact for team members, vendors and stakeholders.
- Be able to review the scope for penetration testing and risk ratings for vulnerabilities.
- Be able to deliver projects under a rigid schedule.
- Provide technical advice to Senior Management on security topics.
- Maintain quality service by establishing and enforcing organization standards.
Skills
- Bachelor’s degree in Computer Science, Engineering, Information Security or equivalent.
- Ideally 5 years of IT Security experience, 3 or more years of penetration testing or vulnerability assessment in a large organization.
- A strong understanding of security concepts, vulnerability management and exploitation methods, especially in the infrastructure and OS space such as Windows and UNIX, and mobile OS platforms (Android/iOS).
- A good understanding of web technologies and web security hardening techniques, including IIS, Tomcat, Weblogic and Apache.
- Some experience required for penetration tests in the following areas, ideally several years of experience in penetration testing on:
  - Network Infrastructures
  - Web Applications and Web Services
  - Rich Clients
  - iOS and Android mobile applications
- Practical knowledge with a strong approach in documentation and presentation.
- Very good analytical skills, with the ability to break down complex problems into actionable steps.
- The ability to communicate IT security issues to other business areas in technical and non-technical language.
- Some of the following certifications: OSCP, OSCE, OSWE, CISSP, CISM, CEH or SANS Certification (GWAPT).
- Knowledge of the ITIL framework would be an advantage.
- Previous experience in project management preferred, especially support and tracking remediation.
- Software Development and design of Web-Applications (Basics).
- PHP, Python, Perl, Java, JavaScript, SQL, TCP/IP, ISO/OSI layered system structure (Basics).
- Tools used: NMAP, Nessus / OpenVAS / Qualys, Burp, shell scripting, automation in reporting, exploitation etc.
- Good language and communication skills in English are required; German language skills are a plus. Written fluency in English is important as all project-related communication will be in English.
- Strong team player and good social skills.
- Self-organizing and committed to your tasks.
Our Offer
- Great working atmosphere
- Interesting and varied tasks as well as continuous training opportunities
- Emphasis on work-life balance
- An excellent and motivated team with high professional competence
- Work from home opportunities
- Flexible working hours
Have we raised your interest in this future-oriented and interesting career? Then we look forward to receiving your application.