Penetration Tester
Madrid, Spain
Company Description
We are SGS – the world’s leading testing, inspection and certification company. We are recognized as the global benchmark for sustainability, quality and integrity. Our 97,000 employees operate a network of 2,650 offices and laboratories, working together to enable a better, safer and more interconnected world.
Job Description
Working as a key member of our global IT Security team, you will be responsible for conducting pen testing activities and vulnerability assessments. In addition, you will be involved in projects to develop our IT Security posture and play a role in the evolution of our IT Security infrastructure.
More specifically, you will:
- Identify and define system and security requirements, baselines and controls for both the existing environment and new developments in IT infrastructure;
- Contribute in the preparation and documentation of Standard Operating Procedures in the IT security area such as Incident Handling, Problem Management and Forensics Investigations;
- Identify opportunities for, and promote automation and new technical solutions and security tools to help mitigate security vulnerabilities and improve efficiency;
- Participate in evaluation and selection of products and security solutions, set the security requirements and coordinate / run PoCs / project management;
- Coordinate and / or perform penetration tests, evaluate findings and drive mitigation;
- Coordinate and / or perform vulnerability assessments, evaluate findings and drive mitigation;
- Provide reports for assessment findings, product evaluations, propositions for further system security enhancement etc;
- Hunting for web specific vulnerabilities;
- Performing manual penetration test (blackbox / greybox);
- Continuous improvement of know how in the field of application security;
- Support development teams with consultations on your findings;
- Cooperation and decision making across other penetration testing teams.
Qualifications
- Educated to degree level in Information Technology, Computer Science, or a relevant discipline;
- 3 years plus experience of web penetration testing. You will be experienced with security frameworks such as OWASP, SANS, MITRE, OSSTMM;
- Hands on experience in security systems, including antimalware / antivirus software, firewalls, intrusion detection / prevention systems, authentication systems, log management, web application firewalls, VPN, Zero-trust, cloud technologies, etc;
- Basic understanding of web-app architectures, software development concepts, PortSwigger BurpSuite or equivalent software;
- Good understanding of HTTP protocol, Oauth, SSO, JWT, HTML, REST, JSON, WebServices, SOAP, XML and JavaScript debugging;
- Ethical Hacker Certified (CEH) required and OCSP Certification is a plus.
Additional Information
- This position will be based at our IT hub in Madrid. We offer hybrid working
A career at SGS enables you to collaborate in an open, friendly and supportive culture that thrives on teamwork, and flourish in an environment where people respect and help each other to grow and succeed. Expand and enrich your career through endless opportunities to learn, grow your expertise and fulfill your potential.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Antivirus Application security Automation Burp Suite CEH Cloud Computer Science Firewalls Forensics Intrusion detection IT infrastructure JavaScript JSON OWASP Pentesting POCs SANS SSO VPN Vulnerabilities XML
Perks/benefits: Career development
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Staff Security Engineer jobs
- Open Information Security Specialist jobs
- Open Senior Security Analyst jobs
- Open Senior Cyber Security Engineer jobs
- Open Security Operations Engineer jobs
- Open Cyber Security Architect jobs
- Open Senior Information Security Analyst jobs
- Open Product Security Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Specialist jobs
- Open IT Security Analyst jobs
- Open Security Specialist jobs
- Open Chief Information Security Officer jobs
- Open Security Researcher jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Specialist jobs
- Open Information System Security Officer (ISSO) jobs
- Open Clearance-related jobs
- Open ISO 27001-related jobs
- Open Application security-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open CISM-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open IAM-related jobs
- Open CISA-related jobs
- Open Threat intelligence-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Java-related jobs
- Open Kubernetes-related jobs
- Open EDR-related jobs
- Open Malware-related jobs
- Open APIs-related jobs
- Open IDS-related jobs
- Open Security Clearance-related jobs
- Open CI/CD-related jobs
- Open DevSecOps-related jobs