OWASP (advanced)
About position : Conducting penetration tests, auditing web sites and PCI DSS scope segments, handling web- and mobile-related security incidents, and creating internal information security documents.
Responsibilities :
Auditing web and mobile applications against OWASP security requirements and information security standards.
Conducting penetration tests in accordance with the PCI DSS standard.
Reviewing proposed architectures for compliance with information security standards when implementing company systems.
Delivering presentations on information security topics to internal users.
Participating in the investigation of information security incidents.
Handling internal user requests for application penetration testing.
Participating in web and mobile development projects to assess their level of information security.
Carrying out other assignments from the direct supervisor related to the duties of the position.
Requirements :
Education : Telecommunications
Experience : 3-5 years
Language skills : Ukrainian - upper intermediate; English - spoken and written upper intermediate, technical reading and writing fluent.
PC Skills : Advanced PC user : MS Excel, PowerPoint, Outlook, Project (preferred), Word, Jira.
Special Requirements :
Performing authorised black-box security tests on computer systems to expose weaknesses that could be exploited by criminals (CTF experience is welcome)
OWASP Top 10 and PCI DSS compliance testing on Windows, Linux and macOS, web interface checks, mobile application testing
Tools : vulnerability scanners (Nessus), Kali Linux tools, Netsparker, Burp Suite, SonarQube
Embedded computer systems
Security testing of web / mobile applications and databases
Understanding of *nix and Windows security hardening and attack techniques; knowledge of SCADA (supervisory control and data acquisition) systems security, wireless and mobile (3G-5G) technology security, and Internet of Things (IoT) security
Programming languages : any scripting language (Python, Perl, Bash or other) and object-oriented programming skills
Ability to read code and write automated security checks for APIs (JSON, RESTful, SOAP)
Understanding of network and organizational security basics
Experience in software development and server administration
Understanding of basic attack vectors against software applications
Experience with discovering information security threats and detecting viruses
Certifications are a plus : Offensive Security Certified Professional (OSCP); Certified Ethical Hacker (CEH)
Knowledge of and ability to support the company's security infrastructure (SIEM, DLP, TRAPS, etc.)