Cybersecurity operations tester tier-1

Posted: Nov. 17, 2023, 12:34 p.m. - Full Time - Remote

Hellfire Security is a young and dynamic international company focusing solely on cybersecurity Assessment and Managed Security Services. We are looking for Cybersecurity Operations Testers that can help us assess customer applications.


  • Perform penetration tests from both the outside and the inside of a customer network
  • Assess customer applications using both black-box and grey-box approaches
  • Log all activity, collect tool output, and capture evidence
  • Secure work product to prevent accidental disclosure
  • Setup lab environments for reverse engineering and attack POC
  • Provide Daily Status Reports to team leads
  • Contribute to customer reports

Required Skills

  • 3-5 years of experience in performing penetration tests against mobile, web, and enterprise applications including API
  • Experience testing traditional web applications such as PHP, ASPX, and JSP as well as more modern applications such as those based on NodeJS
  • Experience testing a variety of different API including REST and websocket API using a variety of different data structures such as XML and JSON
  • Experience using tools such as testssl, dirbuster, Burpsuite and SoapUI for testing web applications and API
  • Experience using tools such as class dump, clutch, gdb, cycript, apk tool, sqlite manager, drozer, and frida for testing mobile applications
  • Experience manually executing attacks such as XSS, CSRF, SQL Injection, Command Injection, XXEi, LFI, SSRF, etc.
  • Experience with the OWASP testing guide
  • Intermediate knowledge of Windows and Linux
  • Good knowledge of programming languages such as JavaScript, PHP, Java, python, or C
  • Can write concise and meaningful reports to both upper management and technical level audiences

Preferred Skills

  • Experience debugging applications with tools such as gdb, IDA, Ghirdra, and valgrind
  • Experience fuzzing application input via the network and file system using tools such spike
  • Experience with automated code review using tools such as cppcheck and GoSec
  • Experience with manually reviewing code written in C, go, or other similarly compiled language for flaws
  • Experience with the OWASP mobile testing guide and Software Assurance Maturity Model
  • Good knowledge of TCP/IP and other application and network level protocols
  • Ability to provide suggestions to remediate vulnerabilities
  • GWAPT or OSWA certification


  • Ability to self-manage including planning, providing status updates and metrics
  • Can communicate well (written and spoken)
  • Can work alone or in a team
  • Good organization skills
  • Good time management
  • Responds well to criticism and encouragement from co-workers and customers

We welcome all candidates with or without certification or degree. Brief skills assessment will, however, follow the initial interview so be prepared.