Senior Penetration Tester

Overview

Yondu, Inc. Taguig, National Capital Region, Philippines

Senior Penetration Tester is responsible for conducting thorough security assessments, managing IT infrastructure for ongoing vulnerability scans, and leading large-scale projects. The role involves identifying and addressing critical flaws in systems and applications, presenting comprehensive reports, and assisting clients in achieving their security goals.

• Serve as a penetration tester and security analyst for clients and the company.
• Analyze vulnerabilities of target systems and provide guidance.
• Perform continuous scanning for the company\'s systems, infrastructure, and network to identify vulnerabilities.
• Manage and schedule all company\'s IT systems and infrastructure for vulnerability scanning.
• Act as a subject matter expert in vulnerability management and penetration testing (VAPT).
• Lead large-scale information security projects, including the implementation and delivery of new infrastructure security scanning capabilities.
• Partner with teams to align technology implementation processes and reduce vulnerabilities.
• Support the continuous improvement of the vulnerability management program initiatives, process, and technology integration.
• Prepare and present daily, weekly, monthly, quarterly, and annual reports as required by the Immediate Superior.
• Conduct comprehensive penetration testing activities to identify potential vulnerabilities and exploit them within ethical boundaries.
• Analyze and report findings from penetration testing assessments, including recommended remediation actions.
• Collaborate with IT teams to implement necessary security measures and safeguards based on identified vulnerabilities.
• Stay up to date with emerging threats and techniques related to penetration testing.
• Help clients achieve their information security goals by providing recommendations, assistance, and participation in vulnerability assessments, penetration tests, security improvement initiatives, security management programs/processes, policies, technical implementations, and compliance with standards or frameworks.
• Handle VAPT projects as Senior Engineer, conducting vulnerability analysis and penetration testing, presenting risk rankings and mitigation recommendations, crafting executive reports, and presenting results to stakeholders.
• Perform internal security analysis tasks and knowledge transfers on-demand with team and other departments. Conduct formal penetration tests on web-based applications, networks, and computer systems.
• Conduct physical security assessments of servers, systems, and network devices.
• Work on improvements for security services, including continuously enhancing existing methodology material and supporting assets.
• Research, document, and discuss security findings with management and IT teams.
• Employ social engineering to uncover security holes (e.g., poor user security practices or password policies).
• Probe for vulnerabilities in web applications, fat/thin client applications, and standard applications.
• Pinpoint methods attackers could use to exploit weaknesses and logic flaws.
• Write and present a comprehensive vulnerability assessment.
• Manually validate report findings to reduce false positives.
• Identify critical flaws in applications and systems that cyber attackers could exploit.

• Education – Bachelor’s degree/Diploma in Computer Science, Cybersecurity, Information Technology, or related field.
• 4-5 years of experience in VAPT.
• Relevant cybersecurity certifications, such as CEH, CTIA, CHFI, CISSP, CISM, CISA, and other technical red/blue certifications.
• Related work experience in penetration testing, vulnerability assessment, and information security.
• Experience in managing and leading teams, preferably in the context of VAPT projects.

• Mid-Senior level

• Full-time

• Information Technology