Job Description
Main Job Responsibilities:
- Plan and conduct black-box, white-box, and gray-box penetration testing engagements on our systems, networks, and applications, identifying vulnerabilities using tools like Burp Suite and Metasploit.
- Exploit identified vulnerabilities to assess potential impact, including privilege escalation, lateral movement simulations, and proof-of-concept development.
- Collaborate with developers to remediate vulnerabilities through clear reporting, code reviews, secure coding practices, and retesting.
- Document findings, develop security reports, and present them to relevant stakeholders.
- Stay updated on the latest hacking techniques, threats, vulnerabilities, and remediation strategies.
- Provide recommendations and knowledge transfer to internal staff to boost our overall security competence.
- Continuously improve the organization's security posture by creating, developing, maintaining, and automating new attack tactics and tools. Monitor and research emerging threats to integrate them into the testing methodology.
- Promote security awareness and best practices throughout the organization.
- Design and execute penetration testing engagements aligned with SOC 2 compliance requirements.
- Gather and document evidence to support the effectiveness of security controls for our annual SOC 2 audit.
- Collaborate with third-party auditors during the SOC 2 audit process to address findings and demonstrate security posture.
Skills
Requirements
Needed Competencies:
- Excellent communication skills to convey technical findings to both technical and non-technical audiences.
- Ability to manage multiple projects, prioritize tasks, and meet deadlines under pressure.
- Actively listen to and understand the concerns and priorities of stakeholders from different areas of the organization.
- Foster a collaborative environment where security is viewed as a shared responsibility.
- Effectively mentor and train security best practices to internal teams (developers, operations, etc.).
Knowledge, skills and abilities:
- Familiarity with security tools like OpenVAS, Burp Suite, OWASP ZAP, and Metasploit.
- Network security concepts (firewalls, IDS/IPS, network protocols).
- Web application security principles (OWASP Top 10) and testing methodologies.
- Mobile application security testing for Android and iOS.
Preferences:
- Offensive Security Certified Professional (OSCP) or equivalent certification
- Experience in cloud penetration testing (e.g., AWS, Azure, Mendix)
- Demonstrated expertise in identifying and mitigating data exfiltration vulnerabilities across application layers and integration points.
- Experience in code review for control flow and security flaws.
- Experience in low-code/no-code application security testing (a plus).
- Understanding of security standards and frameworks, such as MITRE ATT&CK, Cyber Kill Chain, OWASP Top Ten, and general security best practices.
- Hands-on experience with security frameworks (NIST, ISO27001, etc.) and risk assessment methodologies.
- Experience with scripting languages (Python, Bash) for automating penetration testing tasks.
- Familiarity with security automation tools.
- Excellent written and verbal communication skills to convey technical findings to both technical and non-technical audiences.
Education:
Bachelor's degree (or equivalent experience) in a related field (e.g., computer science, information security)
Experience:
- 3+ years of experience in penetration testing or a related security discipline
- 2+ years of experience with vulnerability management tools and processes
Job Details
- Job Location: Amman, Jordan
- Company Industry: IT Services
- Company Type: Employer (Private Sector)
- Job Role: Information Technology
- Employment Type: Full Time Employee
- Monthly Salary Range: Unspecified
- Number of Vacancies: 1