Job offer description

PURPOSE

As a Lead Penetration Tester, part of the SITA Enterprise Information Security Office, you will assess SITA infrastructure and products to identify information security weaknesses and provide remediation strategies. You will also contribute to the automation of security testing as part of the product development lifecycle.

KEY RESPONSIBILITIES

  • Conduct authorized assessment of infrastructure and applications to proactively identify security weaknesses.
  • Verify weaknesses by leveraging attacker techniques to evaluate the difficulty and effectiveness of potential attacks from various threat actors.
  • Provide comprehensive and actionable recommendations to counter the threat posed by identified security weaknesses, given the applicable threat landscape.
  • Bring an offensive mindset to the design of internal solutions and provide input to the selection of countermeasures and security controls through technical risk assessment.
  • Report findings to technical audiences (e.g.: product development teams, IT, operations), and to business management and leadership, indicating the impact to the business of verified weaknesses found.
  • Research and develop testing tools, techniques and processes.
  • Assist incident response and security threat surveillance functions to advise on current attacker tools, techniques and procedures.
  • Contribute to the continuous improvement of security processes, tools and techniques to counter threats faced by SITA and our customers.
  • Contribute to the automation of security activities as part of the DevOps lifecycle.
  • Provide guidance on secure product design: Threat Modelling, architecture reviews.
Job requirements
  • 5-7 years' experience in at least three of the following fields:
  • Network penetration testing
  • Web and mobile application assessments
  • Cloud penetration testing (Azure, AWS,…)
  • Mastery of Unix/Linux/Windows operating systems, including bash and PowerShell, shell scripting or automation of simple tasks using Python, Ruby or Perl
  • Developing security test automation as part of a DevOps CI/CD pipeline
  • Master's degree in a technical discipline such as Information Security, Computer Science, Engineering, Telecommunications, Mathematics, Physics, or enough work experience to demonstrate proficiency at this level
  • Excellent ability to think laterally and solve problems in unique ways
  • Ability to relate work to the business, understanding the impact to business processes, not just technical impact
  • Strong knowledge of attacker tools, techniques and procedures
  • Strong understanding of network technologies such as TCP/IP, routing, switching, NAT, Wireless/WiFi, etc.
  • Strong ability to research and maintain currency with the latest approaches to penetration testing, including learning new tools and technologies
  • Good understanding of security compliance frameworks (e.g. ISO/IEC 27001, PCI DSS, etc.)
  • Good understanding of common business applications (e.g. content management systems, application servers, databases, etc.) and how to leverage them in an assessment
  • Good understanding of web technologies and how they are commonly subverted (e.g. OWASP Top 10)
  • At least a basic understanding of development frameworks (.NET, Java,…)
  • Ability to remain calm and methodical under pressure
Preferred
  • Penetration Testing certification (e.g. OSCP, GPEN) is considered a strong advantage
  • Professional security certification (e.g. CISSP, CISA) is a plus
Additional benefits

We're all about diversity. We operate in 200 countries and speak 60 different languages and cultures. We're really proud of our inclusive environment. Our offices are comfortable and fun places to work, and we make sure you get to work from home too. Find out what it's like to join our team and take a step closer to your best life ever.

 

🏡 Flex Week: Work from home up to 2 days/week (depending on your team's needs)

Flex Day: Make your workday suit your life and plans.

🌎 Flex-Location: Take up to 30 days a year to work from any location in the world.

🌿 Employee Wellbeing: We have got you covered with our Employee Assistance Program (EAP), for you and your dependents 24/7, 365 days/year. We also offer Champion Health - a personalized platform that supports a range of wellbeing needs.

🚀 Professional Development: Level up your skills with our training platforms, including LinkedIn Learning!

🙌 Competitive Benefits: Competitive benefits that make sense with both your local market and employment status.

Job information
Field of education:
Work experience:
Work experience is required
Duration of work experience:
More than 5 years
Language skills:
  • English: Fluent
Required skills:
levels of software testing, manage product testing, perform ICT security testing, perform software recovery testing, plan software testing, provide software testing documentation
Salary range (monthly):
3750 - 4500 EUR (Gross pay)
Date of expiry:


About organisation

Imagine a world where travel connects us all, hassle-free. That's the world SITA has been shaping for 75 years. Back in 1949, 11 visionary airlines came together to create SITA and transform travel forever. From the beginning, our mission has been clear: to revolutionize the industry. We started by building the world's largest data network and even contributed to the birth of the internet. Since…
