Поиск вакансий по:
Написать письмо

Поля отмеченные звездочкой (*), обязательны для заполнения.

Вакансия перенесена в архив

Penetration Tester

  • з/п не указана

    Тип занятости: Полная
    График работы: 5-ти дневная рабочая неделя
    Место работы: на территории работодателя
  • Воронеж

    Воронежская область
    Сфера деятельности: Информационные технологии. Интернет. Телеком
    Образование: высшее
    Опыт работы: от 1 года


Gathering all available information on system and solution exploitability (XSS, CSRF, CRLF, SQLi, XXE and uncommon HTTP Request Smuggling/Splitting and other) and security weakness from a variety of open sources (technical documentation, source code, communication with project and development teams)
Development of penetration testing strategies based on customer risk analysis, threat models. technical and business solution/environment architecture and specifics of telecom domain
Assessing application and solution security controls against «black box», «grey box» and «white box» attacks using both manual and automated penetration techniques
Assessment of penetration test results with development teams, contribution to risk mitigation actions
Source code analysis (client/server/database) for vulnerabilities with scanning tools
Analysis of customer and 3rd party penetration test results, communicating security to the customer
Contribution to developing training programs for development and testing teams


At least 1 year of experience as a penetration tester
Minimum 2 years in IT engineering or testing
Proven abilities to approach a black box and survive, deliver results even if electricity goes out
Hands-on experience with vulnerability scanners (static and/or dynamic) and frameworks, including but not limited to Acunetix, OWASP ZAP, Burp, Nmap, Metasploit Framework
Perfect knowledge of OWASP methodology and web vulnerabilities - you can easily explain and show how it works
Desirable skills - Java, JavaScript. PL/SQL development. system/network administration
Great if you have come across PCI, NIST guidelines including PII, ISO2700x, cloud security.
English - you feel like you will speak fluently in a year from now


оформление по ТК РФ;

Opportunities for career development
Opportunities to make business trips (Europe, Canada, USA, Australia, etc)
Professional growth in the international business environment
Medical insurance for employees
Salary will be discussed individually with the successful candidate