Engineer Pentesting
Vertiv
- Cluj-Napoca, Cluj
- Permanent
- Full-time
- Conduct security evaluation and threat assessments of embedded systems, mobile applications, web applications
- Conduct research for the purposes of finding new vulnerabilities and enhancing existing capabilities
- Circumventing security protection methods and techniques
- Performing data bus monitoring (snooping) and data injection
- Conduct communications protocol analysis in the embedded products, and applications
- Conduct wireless communications channel snooping, and data injection
- Learn to reverse engineering complex systems and protocols
- Create detailed technical reports and proof of concept code to document findings
- Perform System Breakdown of the project/product before testing, identify and evaluate all the testing requirements and plan out the detailed testing activities, resources etc. with the help of Senior/Lead test engineers
- Provide proactive detailed interaction with respective engineering group on the testing needs, testing progress/status and provide detailed analysis report
- Bachelor's Degree in Information Technology, Computer Science or related field is highly desirable.
- Advanced security qualifications such as OSCP (Offensive Security Certified Professional) certification, CEH (Certified Ethical Hacker) or equivalent.
- Five or more years (5+ years) of experience in information, application, or embedded product security and/or IT risk management.
- Two or more years (2+ years) of pentesting experience with a strong interest / personal experience in pentesting (CTF, HacktheBox, etc.)
- Solid understanding of security protocols, cryptography, authentication, authorization, and security
- Good working knowledge of current IT risks and experience implementing security solutions
- Ability to interact with a broad cross-section of personnel to articulate and enforce security measures
- Excellent written and verbal communication skills as well as business acumen
- Strong ability to establish partnerships and influence change and achieve results within dynamic environment
- Meaningful technical contributions into the development lifecycle of an application, product, or service
- Understanding and development experience of embedded systems / software, and web-based applications
- Linux network device driver/data-path performance exposure
- Familiarity with compilers, debuggers, disassemblers, and other low-level development and analysis tools
- Exposure to binary analysis tools such as IDA Pro, WinDbg, BinWalk, Valgrind, PIN, Panda and S2E
- Working knowledge of hacking tools and techniques such as memory corruption exploits, rootkits, protocol poisoning, browser-based attacks, DNS poisoning, MetaSploit, nmap, Nessus, etc.
- An understanding of common cryptographic algorithms and protocols including their weaknesses and attacks against them
- Understanding of network protocols and experience developing packet-level programs
- Understanding of common microcontroller programming tools and debugging interfaces
- Exposure to Layer 2, Layer 3 networking, QoS
- Knowledge of common malware/botnet exploits and how they are targeted to exploit embedded systems
- Operating system configuration of Windows, Linux, Android, and iOS
- Computer boot process including boot loaders
- Preference given to other practical skills such as: functional analysis, memory image capture, static memory analysis, and data element extraction, etc.
- Use of Gitlab for issue management, tool usage experience preferred