Position Summary:

We are looking for talented Penetration Testing Engineer to work closely with qTech. Board, developers, Q.C., and network engineer executing test iterations, tracking / reporting results, troubleshooting and coordinating defect resolution. 

Responsibilities:

• Responsible for applications Penetration testing monitoring, identifying, and exploiting security vulnerabilities in web-based applications, mobile applications, and systems.
• Conduct penetration testing, identifying vulnerabilities, and providing remediation steps.
• Planning and executing penetration tests with the larger team
• Solid knowledge and experience of using a variety of penetration testing or threat modeling tools including open source and commercial
• Probe for vulnerabilities in applications.
• Pinpoint methods that attackers could use to exploit weaknesses and logic flaws.
• Incorporate business considerations (e.g. loss of earnings due to downtime, cost of engagement, etc.) into security strategies.
• Research, document and discuss security findings with management and IT teams.
• Review and define requirements for information security solutions.
• Identifying threats using threat risk modeling and creating solutions or mitigation approaches
• Be sensitive to qTech. considerations when performing testing
• Daily administrative tasks, reporting, and communication with the relevant departments in the organization.
• Any other duties may be assigned.

متطلبات الوظيفة

Job Requirements / Qualification:

• B.S. Computer Science, Engineering, or related experience.
• 3+ years of work experience in an Information Security role.
• Infrastructure penetration testing is a plus
• Excellent communication, documentation, and presentation skills in business-level English.
• Strong attention to detail with an analytical mind and outstanding problem-solving skills.
• Great awareness of cybersecurity trends and threats.
• Interest in all aspects of security research and development.
• Experience in secure code review, coding design development, and risk mitigation. 
• Prior experience in programming/scripting knowledge is a plus.
• Full-stack understanding of end-to-end application communications.
• Cyber attacker mindset, a good learner with an innovative mind, and problem-solving abilities.