Senior Penetration Tester

  • Sector: Monroe Information Technology
  • Contact: Marie Nellas
  • Start Date: ASAP
  • Client: Monroe Consulting Group
  • Location: City of Taguig, Philippines
  • Salary: PHP70000 - PHP80000 per month + To be discussed
  • Expiry Date: 04 March 2024
  • Job Ref: BBBH436983_1707801977
  • Contact Email: mnellas@medicalrecruitmentstrategies.com

Executive search firm Monroe Consulting Group is recruiting on behalf of a professional online gaming company in the country.

Job Summary:
Our client is looking for a Senior Penetration Tester who will establish a penetration testing program for use throughout the organization, perform hands-on penetration testing, and communicate recommended solutions for addressing penetration test findings.

The Senior Penetration Tester is expected to have experience in pentesting best practices and tool usage, be capable of working within guidance to safely support penetration testing operations as part of a managed team, and have detailed knowledge of web application, mobile application, system and network-based pentesting security tools. The job is in BGC, Taguig City, Metro Manila, Philippines and has an onsite working arrangement.

Responsibilities:

  • Leverage open source and/or custom code to uncover application vulnerabilities.
  • Refer to the Open Web Application Security Project (OWASP) and its top 10 list and seek weaknesses across all application security risks published in the OWASP Top 10.
  • Provide manual security assessment support services in the form of penetration tests of cloud-hosted or client-hosted systems and commercial or custom applications as they are brought online or as part of change management or continuous monitoring, including maintaining a schedule of security assessments that are upcoming and in progress.
  • Conduct research to identify new attack vectors.
  • Review and provide feedback for all Security Artifacts.
  • Develop analysis of vulnerability findings and risk reports.
  • Review, analyze and track all code-related scan outcomes and support remediation of low/med/high security findings.
  • Expert-level understanding of system architecture and design, operating systems, network infrastructure, device configuration hardening, and patch and configuration management.

Requirements:

  • Bachelor's Degree or equivalent professional experience in the cybersecurity industry.
  • Minimum 3 years in Pen Testing and Vulnerability Assessment and/or 3 years of professional experience in incident detection and response, malware analysis, or cyber forensics.
  • Commitment to ethical hacking principles and responsible disclosure practices.
  • Effective communication skills for documenting and presenting findings, as well as explaining exploit details.
  • Excellent problem-solving skills, creativity, and the ability to adapt to new attack surfaces.
  • Expertise in evasion techniques and bypassing security mechanisms. Capability to develop and deploy custom tools for vulnerability discovery and exploit development.
  • In-depth knowledge of memory corruption vulnerabilities (e.g., buffer overflows, use-after-free).
  • Familiarity with fuzzing techniques and experience running fuzzers to identify software flaws.
  • Strong understanding of exploit mitigations and countermeasures.
  • Extensive experience with penetration testing frameworks and tools, such as Tenable Nessus, Kali Linux, The Penetration Testers Framework, Metasploit, Canvas, Cobalt Strike, Burp Suite Pro, Nexpose, Nessus, Wireshark, Nmap, etc.
  • Hands-on experience in developing reliable and effective exploits for various target systems and applications.
  • Must have one of the following Certifications: GPEN, GWAPT, GISF, GXPN, OSCP, OSCE, OSWP, OSEE, CISSP, CEH
  • Extensive experience with programming or scripting languages such as Python, PowerShell, Bash, Ruby, Java, XML, SOAP, JSON, AJAX, etc.
  • Proven track record of discovering and responsibly disclosing zero-day vulnerabilities.
  • Advanced skills in reverse engineering, binary analysis, and exploit development.
  • Extensive expertise in cybersecurity, with a deep understanding of vulnerabilities and exploit techniques.
  • Hands-on experience in performing security testing, audit analysis and code regression testing.
  • English/Chinese Bilingual Preferred