• Senior Penetration Tester

    Location: NL-Leiden
    Job code: 8028
    Number of open positions: 1
    Job category: Engineering

    Security is only as strong as its weakest link. Consequently, UL identity management and security (IMS) employs a holistic view of software security, from product design and secure system integration to the security of entire infrastructures. UL helps to combat cybersecurity risks throughout the different IT lifecycle phases, from security strategy & design, to secure software development, and implementation in wider IT networks & infrastructures.

    UL partners with customers to provide an independent viewpoint along with advisory, testing and validation services. We’ll work with customers to evaluate current security exposure and the risks they are running. We’ll help customers to develop risk-based action plans to secure and protect critical assets and data effectively and cost-efficiently. Our aim is to give customers the peace of mind that comes from knowing that they have performed the necessary due diligence to mitigate cybersecurity risks.


    The Senior Penetration Tester will conduct advanced vulnerability assessments, penetration tests, and other ethical hacking actions to identify issues in embedded products (IoT) and software. Helps define industry requirements on cybersecurity along with other standard bodies and industry alliances.

    • Leads and participates in customer projects to the defined requirements in the timeframe required by customers with the highest quality and integrity of work.
    • Analyzes customer documentation to qualify Risk Management and Threat Analysis assessment models.
    • Is able to verify security controls in the product as described in the documentation.
    • Conducts security tests using automated tools, ad-hoc tools, and manual testing techniques.
    • Conducts penetration testing against different technological domains including, but not limited to embedded devices, web apps, mobile apps and other device applications.
    • Assesses and calculates risk from vulnerabilities and exposures discovered during testing, following international standards such as OWASP, NIST 800-115 and OpenSAMM, among others.
    • Creates required information security documentation, technical reports, and formal papers on test findings, and completes requests in accordance with requirements.
    • Provides technical guidance and training to new security team members.
    • Provides pre-sales support and the sale of more complex projects.  
    • Helps drive innovation in cybersecurity services.


    • University degree (Bachelor’s degree or higher) in Computer Science or a related discipline plus four years of technical expertise in cybersecurity, software development, or ethical hacking.
    • Minimum 5 years of experience with cybersecurity testing of products and software to identify weaknesses and flaws. Able to create PoCs and clearly document the procedure.
    • Vulnerability, threat and risk management experience
    • Hands-on experience with commercial, open source and free security tools for static source code analysis, fuzz testing, dynamic and binary testing, as well as vulnerability scanning.
    • Understanding of security issues on various operating systems, web and database platforms; proven proficiency in networking and security.
    • Extensive experience and knowledge in scripting in at least one of the following languages: sh, csh, perl, python, ruby.
    • Application development background and security knowledge; example languages include C, C#, C++, Java, J2EE.
    • Experience with QNX, Linux, iOS, AOSP, etc.
    • Deep expertise in testing in at least two of the following domains: embedded software, embedded security, mobile apps, telecom or networking equipment.

    Nice to have

    • Security-related certifications are a plus: CEH, CPT, CEPT, CSSLP, CISSP, OSCE, LPT, CREST ACE, GIAC, CISA, OSCP, CompTIA Security+ or other information security certifications
    • Security framework experience (e.g. ISO 27001/27002, NIST, PCI, FIPS etc.)
    • Experience with various security tools and products (e.g. Nessus, Burp, Metasploit Framework, OpenVAS)
    • Good understanding of the components of a secure SDLC
    • Application reversing skills
    • Understanding of cryptography principles
