We are looking for candidates for the position of an Ethical Hacker / Penetration Tester to support us with identifying and testing advanced cyber security threats targeting the organization.
You will ensure services are delivered in accordance with agreed business requirements and provide the Service Manager with an overview of ABB’s risk exposure from internal and external threats.
You will interact with other security departments with regard to assessing the risk deriving from the findings along with potential mitigations.
You will be part of the Security Resilience Testing Service in the IS Risk and Security Group and report functionally to the Security Resilience Service Operations Manager.
Your responsibilities:
Perform network penetration, web and mobile application testing, source code reviews, threat analysis, wireless network assessments, and social-engineering assessments
Recognize and safely utilize attacker tools, tactics, and procedures
Develop scripts, tools, or methodologies to enhance red teaming processes
Validate all findings in scope from Red Team scans.
Develop comprehensive and accurate reports and presentations for both technical and executive audiences using the InfoSec reporting tools
Effectively communicate findings and strategy to client stakeholders
Participate in discussions with asset owners or designated technical contacts to analyze and explain results of assessments and tests as well as determine remediation steps / time needed
Requirements:
You have:
Bachelor’s degree or equivalent level with IT focus
Minimum 4 years of experience in Information Security including at least 2 years of experience performing network penetration testing, cyber Red Teaming operations, or application security assessments
Experience with developing, extending, or modifying exploits, shellcode, or exploit tools preferred
Experience in source code review for control flow and security flaws is preferred
Excellent English language skills (spoken and written)
Industry certifications preferred (e.g. GPEN, GWAPT, OSCP, OSWE, eWPTX, etc.)
Ability to perform targeted penetration testing without the use of automated tools
You are:
A team player, detail-oriented in conducting analysis, with the ability to accurately record full documentation in support of your work