Міжнародна ІТ компанія Infopulse, яка входить до складу Tietoevry Create, заснована в 1991 в Україні. Нашими цінностями є інноваційність, гнучкість, відкритість та залученість, які поділяють понад 2000 спеціалістів компанії. Infopulse має делівері центри в 5 країнах Європи та Південній Америці.
14 серпня 2024

Lead Penetration Test Engineer / Threat Analyst (m/f/d) (ID:1260) (вакансія неактивна)

Київ, Львів, Одеса, Вінниця, Івано-Франківськ, Житомир, Бидгощ (Польща), Гданськ (Польща), Варшава (Польща), Лодзь (Польща), віддалено

Infopulse, Part of TietoEvry Create, welcomes a talented professional to join our Security team as a Lead Penetration Test Engineer / Threat Analyst. We are looking for an experienced and responsible professional to be part of our expert team.

Areas of Responsibility

  • Performing assessment of overall customer security level and suggest improvements
  • Threat modelling
  • Performing penetration testing, vulnerability scanning, secure code reviews
  • Full scope of penetration testing activities like: WEB applications, desktop applications, infrastructure, mobile applications (iOS, Android), IoT and embedded systems testing
  • Secure development life cycle assessment and improvements
  • Providing L3 engineer support to the SOC team for complex security incidents, such as ATP
  • Managing internal or external human resources for complex projects
  • Documentation of internal methodology, procedures, and operations enhancement
  • Mentoring and knowledge sharing with team-mates

Qualifications

  • 5+ years of progressive experience in IT security
  • Good understanding of computer networks, clouds, security solutions and processes
  • Well-developed administrative skills in OS (Windows and Linux), docker and cloud environments administration including understanding of and experience in security aspects
  • Understanding common security risks for IT infrastructure and it’s components
  • Thorough knowledge of common vulnerabilities (e.g., infrastructure, WEB, network, IOT)
  • Understanding of common types of WEB security attacks (DNS cache poisoning, ARP spoofing, DDoS, XSS, CSRF, SQL Injection, etc.)
  • Deep understanding of MITRE-stack
  • Understanding of threat modelling methodologies (CAPEC, STRIDE, Attack Tree)
  • Knowledge of the international standards and best practices: OSSTMM, NIST, OSSEC, PTES, MS Ent Cloud Red Teaming
  • Strong programming skills in web-related languages including security aspects and best practices
  • Experience with C, Java, C# and other related languages
  • Strong cybersecurity analysis and situational awareness skills
  • Experience in security incidents detection and investigation
  • English: upper-intermediate

Will be an advantage

  • Professional security certifications (e.g., CEH, CISSP, CISM, CISA, OSCP/OSCE)
  • Experience of malware engineering and reverse engineering
  • Low-level programing skills

Personal skills

  • Proactive, result-oriented person, who is able to work individually and in a team