Job Description
Main Objective of the Position:
This is an exciting opportunity to join our IT department as a Penetration Tester and play a key role in safeguarding our organization digital assets. You'll leverage your offensive security expertise to proactively identify vulnerabilities in our systems, networks, and applications. As a trusted advisor, you'll collaborate across departments to translate your findings into actionable recommendations, fostering a security-conscious culture throughout the organization.
In this role within the SDLC (Software Development Life Cycle), you'll actively participate in security assessments from the planning stages, ensuring potential weaknesses are addressed before deployment. By continuously honing your skills and staying abreast of the
latest hacking techniques, you'll be instrumental in maintaining our organization cutting- edge security posture.
Main Job Responsibilities:
- Plan and conduct black-box, white-box, and gray-box penetration testing
- engagements on our systems, networks, and applications, identifying vulnerabilities using tools like Burp Suite and Metasploit.
- Exploit identified vulnerabilities to assess potential impact, including privilege escalation, lateral movement simulations, and proof-of-concept development.
- Collaborate with developers to remediate vulnerabilities through clear reporting, code reviews, secure coding practices, and retesting.
- Document findings, develop security reports, and present them to relevant stakeholders.
- Stay updated on the latest hacking techniques, threats, vulnerabilities, and remediation strategies.
- Provide recommendations and knowledge transfer to internal staff to boost our overall security competence.
- Continuously improve the organization security posture by creating, developing,
- maintaining, and automating new attack tactics and tools. Monitor and research emerging threats to integrate them into the testing methodology.
- Promote security awareness and best practices throughout the organization.
- Design and execute penetration testing engagements aligned with SOC 2 compliance requirements.
- Gather and document evidence to support the effectiveness of security controls for our annual SOC 2 audit.
- Collaborate with third-party auditors during the SOC 2 audit process to address findings and demonstrate security posture.
Requirements Needed Competencies:
- Excellent communication skills to convey technical findings to both technical and non-technical audiences.
- Ability to manage multiple projects, prioritize tasks, and meet deadlines under pressure.
- Actively listen to and understand the concerns and priorities of stakeholders from different areas of the organization.
- Foster a collaborative environment where security is viewed as a shared responsibility.
- Effectively mentor and train security best practices to internal teams (developers, operations, etc.).
Knowledge, skills and abilities: - Familiarity with security tools like OpenVas, Burp Suite, OWASP ZAP, and Metasploit.
- Network security concepts (firewalls, IDS/IPS, network protocols).
- Web application security principles (OWASP Top 10) and testing methodologies.
- Mobile application security testing for Android and iOS.
Preferences: - Offensive Security Certified Professional (OSCP) or equivalent certification
- Experience in cloud penetration testing (e.g., AWS, Azure, Mendix)
- Demonstrated expertise in identifying and mitigating data exfiltration vulnerabilities across application layers and integration points.
- Experience in code review for control flow and security flaws.
- Experience in low-code/no-code application security testing (a plus).
- Understanding of security standards and frameworks, such as MITRE ATT&CK, Cyber Kill Chain, OWASP Top Ten, and general security best practices.
- Hands-on experience with security frameworks (NIST, ISO27001, etc.) and risk assessment methodologies.
- Experience with scripting languages (Python, Bash) for automating penetration testing tasks.
- Familiarity with security automation tools.
- Excellent written and verbal communication skills to convey technical findings to both technical and non -technical audiences.
- Ability to manage multiple projects, prioritize tasks, and meet deadlines under pressure.
Education: Bachelors degree (or equivalent experience) in a related field (e.g., computer science, information security)
Experience: - 3+ years of experience in penetration testing or a related security discipline
- 2+ years of experience with vulnerability management tools and processes
Job Details
- Job Location
- Amman Jordan
- Company Industry
- Other Business Support Services
- Company Type
- Unspecified
- Employment Type
- Unspecified
- Monthly Salary Range
- Unspecified
- Number of Vacancies
- Unspecified
