Senior Penetration Tester
Heredia, Heredia, cr
hace 10 horas

Experian is revamping their penetration testing program to provide enhanced services to our Business Units and Technology Groups across the Globe.

This is an exciting time as we build the team and address the Application and Network environment to ensure that we provide our Clients confidence in a secure environment that is comprehensively tested to the highest standards.

We’re looking for a team that can shape the program and build a world class Penetration Testing environment. Our test team will be global to provide follow-the-sun capabilities .

Experian will provide comprehensive training and ensure that our team grows its skills to address the needs of an organization that is constantly exploring and utilizing new technologies and solutions to be successful across its extensive global footprint.

What you’ll need to bring to the role

  • High levels of collaboration, communication skills, stakeholder management and teamwork
  • Alignment with Experian’s purpose and core values, we look for culture add’
  • Knowledge of common pen test and application security tools, such as Kali Linux, Metasploit, Burp Suite, Wireshark, Web Inspect, Network Mapper (NMAP), Nessus and others
  • Ideally Industry certifications such as CEH, OSCP, OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN
  • Fluent and proficient in English to enable delivery of verbal and written reports and presentations to both technical and executive audiences
  • What you’ll be doing

  • Conduct tactical assessments that require expertise in application security (web and mobile), threat analysis, internal and external network architecture, and a wide array of commercial and custom products
  • Perform security research on topics that interest you and publishing content to contribute to the information security community
  • Configure and safely utilize attack tools, tactics, and procedures against authorized Experian targets
  • Develop scripts, tools, or methodologies to enhance Experian's penetration testing capabilities
  • Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
  • Provide risk-appropriate and pragmatic recommendations to correct identified flaws, vulnerabilities, and misconfigurations
  • Arrange and provide support to business units launching new technology applications and services to verify that new products / offerings are not at risk of compromise or information leakage
  • Write formal security assessments for each penetration test using our company’s standard reporting format
  • Participate in conference calls with clients to review assessment results and consult with the clients on remediation options
  • Retesting security vulnerabilities that have been fixed and republishing reports to indicate the results of retesting
  • Qualifications

  • 4 plus years’ experience in one or more of the following areas :
  • Network penetration testing and manipulation of network infrastructure
  • Web application penetration testing assessments
  • Mobile application penetrating testing assessments
  • Email, phone, or physical social-engineering assessments
  • Developing, extending, or modifying exploits, shell code or exploit tools
  • Experience with Red, Blue, or Purple teaming exercises
  • Proficient in one or more of the following programming languages; C, C++, C#, Java, Go
  • Proficient in one or more of the following scripting languages; Python, PowerShell, Bash, Ruby
  • Experience with network OS, Windows / Unix-Linux / MacOS, network communications protocols, virtual environments, cloud environments, mobile OS (Android / iOS) and containerized platforms
  • Familiarity with defensive technologies such as firewalls, IPS / IDS systems, SIEM, EPP, EDR, UEBA, and data encryption
  • Understanding of OWASP, the MITRE ATT&CK framework and the software development lifecycle (SDLC)
  • Reportar esta oferta

    Thank you for reporting this job!

    Your feedback will help us improve the quality of our services.

    Mi Correo Electrónico
    Al hacer clic en la opción "Continuar", doy mi consentimiento para que neuvoo procese mis datos de conformidad con lo establecido en su Política de privacidad . Puedo darme de baja o retirar mi autorización en cualquier momento.
    Formulario de postulación