Cybersecurity operations tester tier-1
Posted: Nov. 17, 2023, 12:34 p.m. - Full Time - Remote
Hellfire Security is a young and dynamic international company focusing solely on cybersecurity Assessment and Managed Security Services. We are looking for Cybersecurity Operations Testers that can help us assess customer applications.
Responsibilities
- Perform penetration tests from both the outside and the inside of a customer network
- Assess customer applications using both black-box and grey-box approaches
- Log all activity, collect tool output, and capture evidence
- Secure work product to prevent accidental disclosure
- Set up lab environments for reverse engineering and attack POC
- Provide Daily Status Reports to team leads
- Contribute to customer reports
Required Skills
- 3-5 years of experience in performing penetration tests against mobile, web, and enterprise applications including APIs
- Experience testing traditional web applications such as PHP, ASPX, and JSP as well as more modern applications such as those based on NodeJS
- Experience testing a variety of different APIs, including REST and WebSocket APIs, using a variety of different data structures such as XML and JSON
- Experience using tools such as testssl, DirBuster, Burp Suite and SoapUI for testing web applications and APIs
- Experience using tools such as class-dump, Clutch, gdb, Cycript, apktool, SQLite Manager, drozer, and Frida for testing mobile applications
- Experience manually executing attacks such as XSS, CSRF, SQL Injection, Command Injection, XXE, LFI, SSRF, etc.
- Experience with the OWASP testing guide
- Intermediate knowledge of Windows and Linux
- Good knowledge of programming languages such as JavaScript, PHP, Java, Python, or C
- Can write concise and meaningful reports to both upper management and technical level audiences
Preferred Skills
- Experience debugging applications with tools such as gdb, IDA, Ghidra, and Valgrind
- Experience fuzzing application input via the network and file system using tools such as SPIKE
- Experience with automated code review using tools such as cppcheck and GoSec
- Experience with manually reviewing code written in C, Go, or other similarly compiled languages for flaws
- Experience with the OWASP mobile testing guide and Software Assurance Maturity Model
- Good knowledge of TCP/IP and other application and network level protocols
- Ability to provide suggestions to remediate vulnerabilities
- GWAPT or OSWA certification
Qualifications
- Ability to self-manage including planning, providing status updates and metrics
- Can communicate well (written and spoken)
- Can work alone or in a team
- Good organization skills
- Good time management
- Responds well to criticism and encouragement from co-workers and customers
We welcome all candidates with or without certification or degree. A brief skills assessment will, however, follow the initial interview, so be prepared.