The Penetration Tester is responsible for assessing the security of systems and identifying vulnerabilities in technologies and processes and recommending effective countermeasures. This position requires strong technical expertise, an analytical mindset, and a passion for identifying and mitigating security risks. • Conduct real-world cyberattacks to identify security vulnerabilities. • Conduct comprehensive penetration tests on networks, systems, and applications. • Assist in managing application security programs across multiple software development lifecycles. • Identify security vulnerabilities, misconfigurations, and weaknesses in target environments, utilizing automated scanning tools and manual testing techniques to exploit vulnerabilities. • Document findings, methodologies, and recommendations in clear and concise reports to be provided to the Company. • Conduct full-scope adversary emulation exercises to identify and exploit vulnerabilities in processes and technologies such as networks, applications, cloud environments, etc. • Work closely with the blue team (CSOC, IR, and defense teams) to enhance detection, response, and mitigation strategies by actively testing security controls in real-time attacks scenarios. • Present results to technical and non-technical stakeholders. • Research the latest security threats, attack methods, and tools. • Adapt testing methodologies to address emerging threats. • Triage potential vulnerabilities identified by application security program with context of application and related business knowledge. • Review and understand code from Company's business logic and technical standpoints. • Review performance of controls such as threat modeling, SCA, SAST, DAST, IAST, RASP, Secrets Scanning, Container Scanning, Misconfiguration Identification, Secure Code Review, CI/CD Pipeline Security, and Deployment Environment Security. • Provide remediation guidance and recommendations to Company's developers and administrators based on identified vulnerabilities and existing technology stack. • Prioritize and validate the urgency of mitigation of identified product vulnerabilities and security feature enhancement requests. • Participate in Company's security audits and assist in regulatory compliance efforts. • Collaborate with the Cyber Security Operation Center to test detection and response capabilities of the organization
Required Qualifications: • Bachelor's or master's degree in computer science, Electrical Engineering, or a related field. • Proven experience in hardware security testing, penetration testing, or related roles. • Deep understanding of hardware architecture, digital electronics, and microprocessor systems. • Proficiency in low-level programming languages (e.g., C, Assembly) and scripting languages (e.g., Python). • Familiarity with hardware hacking tools, such as oscilloscopes, logic analyzers, JTAG debuggers, and bus analyzers. • Knowledge of security protocols, cryptographic algorithms, and secure hardware design principles. • Experience with hardware reverse engineering and analysis techniques, including fault injection, side-channel attacks, and glitching. • Strong analytical and problem-solving skills, with the ability to think creatively and find innovative security solutions. • Relevant certifications, such as OSCP (Offensive Security Certified Professional), CEH (Certified Ethical Hacker), or CISSP (Certified Information Systems Security Professional), are a plus.
Minimum Qualifications :
Must be able to • Physically access assigned workspace areas with or without reasonable accommodation. • Work remotely as necessary. • Work indoors and be exposed to various environmental factors such as, but not limited to, CRT, noise, and dust. • Utilize laptop and standard keyboard to perform essential functions of the job. • Lift or carry 20 pounds, unassisted, in the performance of specific tasks, as assigned. • Physically access all areas of the property and drive areas with or without reasonable accommodation. • Maintain composure under pressure and consistently meet deadlines. • Ability to interact appropriately and effectively with management, other team members, and outside contacts.