I am looking for four (4) Pen Testers for the European Commission in Luxembourg, with at least 3 years experience in pen testing.
-Vulnerability assessment and handling;
-IT security compliance checking;
The systems to test include a wide range of operating systems, network components, database systems, application servers;
-Operate the infrastructure and solutions necessary for security vulnerability assessment and security technical compliance service;
- In close partnership with customers/system owners, execute vulnerability and compliance assessments,
- Preparing/specifying the tests, planning; Performing the tests;
-Analysing results, drafting recommendations, drafting executive and technical reports;
-Follow-up remediation plans;
-Perform security watch on new vulnerabilities, exploits and attack methods;
In specific cases (ex for unpatched vulnerabilities):
-perform technical analysis and examination of new vulnerabilities;
-determine the appropriate response to mitigate or repair it;
-notify the various parts about the vulnerability and share information about how to fix or mitigate it and coordinate vulnerability response;
Define and improve the service from a technical and organizational perspective
-Keep watch and implement appropriate tools to deliver the service;
-Integrate pen tests results within the frame of vulnerability management.
-Systems hardening and implementation of measures to comply with applicable security policies such as Privileged User Access Control and Security Monitoring;
-Documentation (configuration, security operating procedures) will have to be developed and maintained.
Improve monitoring rules and provide support to analysts
By sharing knowledge with security analysts on system related aspects, participating in improving correlation rules, discovery and assessment techniques and measures.
Support in the analysis phase: provide input related to impacted assets, vulnerability knowledge;
Support in elaborating the response strategy and mitigation measures;
SKILLS AND EXPERIENCE
-3 years experience in risk evaluation and remediation;
-3 years experience in Vulnerability Assessment and Security compliance solutions;
-Certifications such as GPEN, GWAPT, GWPN are a strong advantage
-3 years experience in hardening systems security;
-Experience in UNIX (Sun Solaris and Linux RedHat) system administration and or Oracle Databases;
-Experience with basic network protocols such as TCP/IP, IP/SEC, SMTP, DNS, etc., and network equipment such as switches, hubs, routers, etc;
-Strong hands-on experience in the security of Windows / UNIX (including Linux) environment;
-Knowledge of scripting language (Perl, python, windows PowerShell …);
-A very good command of English and French (written and spoken);
-Able to become security cleared at UE SECRET level.
You can contact me either on email@example.com or on the following number +32 2 238 17 44