
Penetration Tester

Company:
NopalCyber
Location:
Hyderabad, Telangana, India
Posted:
May 18, 2024

Description:

Job Statement:

NopalCyber makes cybersecurity manageable, affordable, reliable, and powerful for companies that need to be resilient and compliant. Managed extended detection and response (MXDR), attack surface management (ASM), breach and attack simulation (BAS), and advisory services fortify your cybersecurity across both offense and defense. AI-driven intelligence in our Nopal360 platform, our NopalGo mobile app, and our proprietary Cyber Intelligence Quotient (CIQ) lets anyone quantify, track, and visualize their cybersecurity posture in real time. Our service packages, which are each tailored to a client’s needs and budget, and external threat analysis, which provides critical intelligence at no cost, help to democratize cybersecurity by making enterprise-grade defenses and security operations available to organizations of all sizes. NopalCyber lowers the barrier to entry while raising the bar for security and service.

Job responsibilities:

Application Penetration Testing (Browser-based, API, Mobile, IoT)

Conducting and coordinating comprehensive attack surface discovery and penetration tests at the cloud, system, and network levels, employing advanced ethical hacking techniques.

Threat Modeling

Source Code Review

Perform penetration testing on web applications and APIs (internal and external) to identify, assess, and report on vulnerabilities in their applications.

Perform red team exercises to determine where weaknesses exist in the client’s infrastructure and how they should be remediated.

Organizing and delivering technical security operational briefings for both technical and non-technical audiences.

Set scope, objectives, and timelines for penetration testing engagements and leverage data to create useful metrics.

Perform dynamic application security testing (DAST) scans on the identified targets without credentials.

Perform credentialed DAST scans on known client URLs.

Conduct research to identify new attack vectors.

Review and provide feedback for all Security Artifacts.

Play a critical role in building an AppSec program that has a wide scope and impact.

Researching open-source emerging technologies, developing required frameworks and capabilities to perform red team exercises on new technologies adopted by clients.

Preparing and delivering clear, accurate, and concise written and oral technical reports for management.

Job specifications:

Bachelor’s degree in Engineering or closely related coursework in technology development disciplines

Certifications like OSCP, CEH, OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN are desirable

Experience:

Total Experience – 4+ years

Desired Skills:

Knowledge and Experience:

Offensive Security Certified Professional (OSCP) and/or Offensive Security Certified Expert (OSCE).

A thorough understanding of the Secure Development Life Cycle

Have comprehensive knowledge of common vulnerabilities (e.g., OWASP Top 10), diverse application attack vectors, security testing processes, and both wired and wireless network security protocols.

Familiarity with common threat tactics and tools (Nmap, Metasploit, Kali Linux, Burp Suite Pro, Cobalt Strike, AppDetective, WebInspect, etc.).

Cloud Service penetration testing tradecraft and methodologies across one or more service providers (e.g. AWS, GCP, etc.).

Mobile platform penetration testing tradecraft and methodologies across widely used platforms (iOS and/or Android).

Microservices testing

Ability to find and exploit bugs in:

C++, Java, JavaScript, Go, and Python

Kubernetes, AWS, GCP, or Azure

Memory management, namespaces, cgroups, etc.

Passion for writing code to solve problems combined with an interest in Offensive Security.

Ability to demonstrate a strong background in one of the following languages:

Golang, Python, Java, JavaScript, C++, C

Personal Attributes

Self-starter and quick learner requiring minimal ramp-up.

Excellent analytical, written, oral, and interpersonal communication skills.

Highly self-motivated, self-directed, and attentive to detail.

Ability to effectively prioritize and execute tasks in a high-pressure environment.

Strong communication skills to comfortably work cross-functionally across the organization.
