Responsibilities:
Pentests:
•
Plan and manage pentests, including preparatory walkthroughs.
•
Coordinate pentester access to applications and determine necessary roles.
•
Advocate for pentest findings with developers and application owners.
•
Oversee follow-up actions on pentest findings by development teams.
•
Act as a consultant for fix strategies and report templates.
•
Maintain pentest results and deliver monthly statistics on findings.
SIEM:
•
Contribute to discussions and challenge proposals for Splunk use cases.
•
Test implemented Splunk use cases.
Experience:
•
7+ years of pentest experience with various clients.
•
Ability to manage small, multicultural remote teams.
•
Proficiency in structured reporting for actionable insights.
•
Experience in testing web applications, network infrastructure, and SIEM use cases.
•
Familiarity with both red teaming and blue teaming.
Bonus: Experience in mobile application security or web app development.
Personal Attributes:
•
Multicultural collaboration skills.
•
Strong analytical abilities.
•
Perseverance and resilience to stress.
•
Curiosity for continuous learning.
Certifications:
•
OSCP, OSWE, OSCE, OSEP, or CISSP preferred. At least one, preferably multiple, of the following certifications
•
Burp Academy certification advantageous. (Only valid with certification; most testers are familiar with this, but very few pass the exam. Knowledge of the course’s lab environment alone has no value.) Certifications from ComptIA or the CEH certification (from ISC2) have no relevant added value.
Knowledge/Tools:
•
Proficient in Burpsuite Professional or Enterprise for at least 7 years.
•
Familiarity with Nmap, Responder/Multirelay, Bloodhound, Sslscan, Dirbuster/Gobuster.
Higher education with extensive pentest experience and cybersecurity certifications.
• Hands-on experience with SIEM operations