Tietoevry Create is a global leader in design, data, and digital engineering services. Combining local expertise with the power of around 9,000 global team members, we build tailored digital solutions that align with our customers’ business objectives and maximize their value.
14 серпня 2024
Lead Penetration Test Engineer / Threat Analyst (m/f/d) (ID:1260) (вакансія неактивна)
Київ, Львів, Одеса, Вінниця, Івано-Франківськ, Житомир, Бидгощ (Польща), Гданськ (Польща), Варшава (Польща), Лодзь (Польща), віддалено
Infopulse, Part of TietoEvry Create, welcomes a talented professional to join our Security team as a Lead Penetration Test Engineer / Threat Analyst. We are looking for an experienced and responsible professional to be part of our expert team.
Areas of Responsibility
- Performing assessment of overall customer security level and suggest improvements
- Threat modelling
- Performing penetration testing, vulnerability scanning, secure code reviews
- Full scope of penetration testing activities like: WEB applications, desktop applications, infrastructure, mobile applications (iOS, Android), IoT and embedded systems testing
- Secure development life cycle assessment and improvements
- Providing L3 engineer support to the SOC team for complex security incidents, such as ATP
- Managing internal or external human resources for complex projects
- Documentation of internal methodology, procedures, and operations enhancement
- Mentoring and knowledge sharing with team-mates
Qualifications
- 5+ years of progressive experience in IT security
- Good understanding of computer networks, clouds, security solutions and processes
- Well-developed administrative skills in OS (Windows and Linux), docker and cloud environments administration including understanding of and experience in security aspects
- Understanding common security risks for IT infrastructure and it’s components
- Thorough knowledge of common vulnerabilities (e.g., infrastructure, WEB, network, IOT)
- Understanding of common types of WEB security attacks (DNS cache poisoning, ARP spoofing, DDoS, XSS, CSRF, SQL Injection, etc.)
- Deep understanding of MITRE-stack
- Understanding of threat modelling methodologies (CAPEC, STRIDE, Attack Tree)
- Knowledge of the international standards and best practices: OSSTMM, NIST, OSSEC, PTES, MS Ent Cloud Red Teaming
- Strong programming skills in web-related languages including security aspects and best practices
- Experience with C, Java, C# and other related languages
- Strong cybersecurity analysis and situational awareness skills
- Experience in security incidents detection and investigation
- English: upper-intermediate
Will be an advantage
- Professional security certifications (e.g., CEH, CISSP, CISM, CISA, OSCP/OSCE)
- Experience of malware engineering and reverse engineering
- Low-level programing skills
Personal skills
- Proactive, result-oriented person, who is able to work individually and in a team