Penetration Tester (Ethical Hacker)

Conduct penetration testing across networks, web applications, and internal systems, identifying security weaknesses and recommending corrective measures.

Gather and analyze threat intelligence data to identify emerging threats and vulnerabilities.

Analyze security logs and correlate events to identify potential threats and attacks.

Identify vulnerabilities within systems and applications using automated and manual testing techniques.

Assist with incident reporting and manage cybersecurity incidents according to established response protocols.

Proactively search for potential threats and risks within the network using advanced tools and techniques.

Develop and update SOC playbooks for threat detection and response processes.

Ensure security processes comply with industry standards, frameworks, and regulations, such as NIST Cybersecurity Framework, ISO/IEC 27001, CIS Controls, and OWASP.

Work closely with the SOC team and other departments to ensure timely remediation of identified vulnerabilities and incidents.

Manage and optimize SIEM tools such as Splunk, IBM QRadar, LogRhythm, and ArcSight for efficient log aggregation, analysis, and threat detection.

Utilize Security Orchestration, Automation, and Response (SOAR) platforms to automate repetitive security processes and enhance efficiency.

We are looking for a skilled Penetration Tester (Ethical Hacker) for a future role to join our cybersecurity team. The role involves threat intelligence, incident response, log analysis, and utilizing security tools like Splunk, IBM QRadar, and Nessus. The ideal candidate will have certifications like CompTIA Security+ and Certified SOC Analyst (CSA), with expertise in security frameworks such as NIST, ISO/IEC 27001, and OWASP., Offensive Security Certified Professional (OSCP) or equivalent penetration testing certification (preferred)

Any relevant cybersecurity certifications (CISSP, CEH, etc.) are a plus.

Hands-on experience with SIEM solutions (Splunk, IBM QRadar, LogRhythm, ArcSight).

Proficiency in using tools such as Nessus, OpenVAS, Wireshark, and Nessus for vulnerability scanning.

Strong working knowledge of security tools such as CrowdStrike Falcon, Carbon Black, Palo Alto Cortex XDR, and Cisco SecureX.

Expertise in threat hunting and log analysis, with tools like the ELK Stack (Elasticsearch, Logstash, Kibana) and Zeek (formerly Bro).

Experience with network security tools such as Snort and SolarWinds.

Familiarity with security frameworks and standards, including NIST, ISO/IEC 27001, CIS Controls, and OWASP.

Knowledge of Security Orchestration, Automation, and Response (SOAR) platforms.

Strong knowledge of security vulnerabilities and exploit techniques.

Expertise in vulnerability management, patching, and remediation.

Solid understanding of the principles and practices of ethical hacking and penetration testing.

Ability to develop and follow SOC playbooks and incident response protocols.

Excellent analytical skills and ability to identify emerging threats.

Clear and effective written and verbal communication skills for incident reporting and technical documentation.

Familiarity with cloud security and virtual environments.

Ability to work in a collaborative environment with cross-functional teams.