Vị trí công việc này hiện tại đã hết hạn nộp hồ sơ, bạn có thể tham khảo thêm một số công việc tương tự tại đây:
Mô tả công việc
1. Job Overview
The Penetration Tester is responsible for simulating cyberattacks to identify security vulnerabilities across systems, applications, networks, and devices. The role involves recommending remediation measures to strengthen security defenses and mitigate risks.
2. Key Responsibilities
System & Network Security Testing
• Perform vulnerability assessments on systems, including Windows, Linux, Cloud, and Kubernetes environments.
• Conduct internal network penetration tests targeting VPN, firewalls, IDS/IPS, and other network components.
• Assess and exploit security weaknesses in cloud infrastructure (AWS, Azure, GCP).
Application Security Testing (Web, Mobile, API, Thick Client)
• Test for vulnerabilities based on OWASP Top 10, API Security Top 10, and Mobile Top 10 standards.
• Evaluate application security across Android, iOS, Windows, macOS, and Linux platforms.
• Test RESTful APIs, GraphQL, and SOAP APIs using tools such as Burp Suite, Postman, ZAP, and mitmproxy.
Advanced Penetration Testing
• Perform Red Team operations and adversary simulations to emulate real-world attack scenarios.
• Leverage advanced attack techniques, including privilege escalation, lateral movement, and evasion tactics.
• Conduct Active Directory (AD) security assessments.
• Execute social engineering campaigns, including phishing, vishing, and smishing.
Analysis & Reporting
• Prepare detailed technical reports outlining vulnerabilities and recommended remediation actions.
• Present findings to clients,
developers, and stakeholders.
• Support DevSecOps initiatives by integrating security testing into the CI/CD pipeline.
Yêu cầu
Knowledge & Skills
• Strong understanding of Windows, Linux, and macOS operating systems.
• Proficient in penetration testing for Web, Mobile, Cloud, API, Network, and IoT environments.
• Hands-on experience with tools such as Metasploit, Burp Suite Pro, Cobalt Strike, Empire, BloodHound, Nmap, Wireshark, Nessus, OpenVAS, SQLmap, Mimikatz, and Responder.
• Skilled in exploiting vulnerabilities such as Buffer Overflow, Remote Code Execution (RCE), SQL Injection (SQLi), Cross-Site Scripting (XSS), XML External Entity (XXE), Server-Side Request Forgery (SSRF), Insecure Direct Object References (IDOR), Local File Inclusion (LFI), and Remote File Inclusion (RFI).
• Programming experience in Python, Bash, PowerShell, JavaScript, and C/C++.
Education & Experience
• Bachelor's degree in Information Security, Computer Science,
Software Engineering, or related fields.
• Minimum 2 to 5 years of professional experience in penetration testing or Red Team operations.
Preferred Qualifications
• Security certifications such as OSCP, OSCE, OSEP, OSED, CRTP, CRTE, PNPT, GXPN, GPEN, CEH, CPTC, or CISSP.
• Experience in SOC, SIEM, and Threat Hunting.
• Contributions to the security community through Bug Bounty programs, Capture The Flag (CTF) competitions, or CVE research.
Quyền lợi
Khác
Theo quy định của công ty
Thông tin khác
NGÀY ĐĂNG
18/07/2025
CẤP BẬC
Nhân viên
NGÀNH NGHỀ
Công Nghệ Thông Tin/Viễn Thông > QA/QC/Software Testing
KỸ NĂNG
Application Security Testing, Cloud Security, Network Security, Penetration Testing, Vulnerability Scanning
LĨNH VỰC
Hệ thống CNTT & Thiết bị
NGÔN NGỮ TRÌNH BÀY HỒ SƠ
Bất kỳ
SỐ NĂM KINH NGHIỆM TỐI THIỂU
2
QUỐC TỊCH
Không giới hạn
Xem thêm
Thông tin chung
- Ngày hết hạn: 18/08/2025
- Thu nhập: Thương lượng
Nơi làm việc
- Dubai - UAE
- Ho Chi Minh City, Vietnam
- Hà Nội, Vietnam
