Offensive security - pen test senior

Employer:
Euroclear
Region:

Job description

The main responsibilities:

  • Support and eventually define complete Pen test plans for applications within the scope of testing 
  • Support the co-ordination of pen tests that require 3rd parties to execute the tests. This would include test specification, engagement with respective stakeholders, ensuring connectivity and supporting the results output and dissemination. 
  • Do some pen testing to retest or prove remediation activities
  • Document applications as part of pen test roadmaps in support of ongoing testing and remediation activities
  • Advise Offensive Security teams on their strategy and share with Application or project leads as required
  • Review and support changes to offensive security frameworks and use of other testing techniques. Follow the approved pen test processes
  • Perform testing of applications to verify remediation and align with Risk Management on the results
  • Represent the Offensive Security team with other test teams and be a centre of competence for the team. 
  • Support the team and the wider community with Agile activities, learning and reporting
  • Actively support continuous improvement through the use of AI and automation skills
  • In this role you will encounter the full spectrum of the attack chain, ranging from web applications to binary exploitation and infrastructure. A good understanding of the (security) policies will be required to provide accurate assessments to stakeholders and to test applications and business processes in innovative ways to stress them as much as possible.

Technical skills

  • Sound security design principles, based on confidentiality, integrity and availability requirements and other ISO27002 security principles are an asset.
  • Experience in another organisation within a pen test environment with design, execution and consulting of remediation would be an advantage
  • Experience with the use of other application security test methods to support traditional pen test methods would be a distinct advantage.
  • Good understanding of Application security including OWASP Top 10, and willingness to learn with regard to a broad range of attacks (SQLi, XSS, Overflows, DLL-Hijacking…)