Deskripsi Pekerjaan
We are looking for a talented and proactive Penetration Tester to join our security team. In this critical role, you will be responsible for proactively identifying security weaknesses within our applications, networks, and IT infrastructure. You will simulate cyber-attacks to uncover vulnerabilities and work closely with engineering teams to implement effective security measures. Your work will directly contribute to strengthening our organization's digital resilience and protecting sensitive data.
As a Penetration Tester, you will operate with a "white hat" mentality, always aiming to improve the security posture of the company. You will conduct comprehensive security assessments and provide actionable insights to stakeholders. This position offers the opportunity to work in a challenging environment where you can apply your expertise in ethical hacking and vulnerability management to solve complex security problems.
Join us in our mission to build a secure digital future. If you are passionate about cybersecurity and have a keen eye for detail, we want to hear from you.
Tanggung Jawab
- Conduct manual and automated penetration testing on web applications, APIs, and internal networks to identify security flaws and vulnerabilities.
- Perform vulnerability assessments and security audits to ensure compliance with industry standards and best practices.
- Document detailed technical reports outlining discovered vulnerabilities, exploit methods, and recommended remediation steps.
- Collaborate with software development and IT teams to integrate security controls and fix identified weaknesses.
- Stay updated on the latest security trends, exploit techniques, and vulnerability databases (e.g., CVE, OWASP).
- Assist in the development and maintenance of internal security policies and incident response procedures.
- Provide security awareness training to internal staff regarding phishing, social engineering, and secure coding practices.
Kualifikasi
- Minimum of 2-3 years of professional experience as a Penetration Tester, Security Analyst, or Ethical Hacker.
- Strong understanding of networking protocols, operating systems, and web technologies (HTTP, TCP/IP).
- Proficiency in scripting languages such as Python, Bash, or PowerShell for automation and testing.
- Familiarity with industry-standard security tools including Burp Suite, Metasploit, Nmap, and Wireshark.
- Knowledge of web application security principles, OWASP Top 10, and common attack vectors like SQL Injection and XSS.
- Excellent written and verbal communication skills to articulate complex security risks to non-technical stakeholders.
- Certifications such as CEH, OSCP, CISSP, or Security+ are highly preferred.