Bank of Georgia’s Information Security Department is looking for a Penetration Tester.
- Communication skills (written and oral) in English are required;
- Knowledge of MITRE ATT&CK tactics and techniques;
- Experience in Wireless and Network assessment in enterprise infrastructure;
- Familiarity with Microsoft Azure and Amazon Web Services (AWS) cloud infrastructure, computing, and security;
- Knowledge with offensive TTPs (Tactics, Techniques and Procedures) including post-exploitation and lateral movement;
- Knowledge and ability to exploit common vulnerabilities;
- Manual Penetration Testing experience;
- Good report writing skills and oral communication skills;
- Experience in incident response, or a related field with increasing responsibility;
- Strong knowledge of Linux, Windows system internals;
- Advanced knowledge of operating system security;
- Knowledge of malware families and network attack vectors
- Strong research, analytical, and problem solving skills;
- Python and/or PowerShell scripting, knowledge of YARA, RegEx and PCRE experience desirable;
- Highly motivated, deeply passionate and able to work with little oversight or direction;
- Knowledge of current and emerging security tools and technologies, industry trends, latest threats, counter measures, and best practices;
- Knowledge of the underlying logic that security alerts are built upon and apply them when analyzing raw logs and creating new dashboards and alerts;
- Bachelor's Degree in an IT related field and/or equivalent work experience.
- Perform white and black box testing of 3rd party developed business applications, web applications, networks, IoT devices and systems using a variety of opensource pen testing tools;
- Perform security related testing, creating test cases, performing manual and automated tests, reporting on problems encountered and documenting test results for follow-up;
- Analyze security test results, draw conclusions from results and develop targeted testing as deemed necessary, develop automation processes and implement tools and techniques to perform ongoing security assessments of the environment;
- Execute internal, external, wireless, and web application vulnerability assessments scans to include passive reconnaissance and intel collection;
- Create report of findings and provide remedial recommendations after testing is complete;
- Stay up-to-date in current tools, techniques, and vulnerabilities to incorporate into testing practices;
- Identifying, monitoring, analyzing, and evaluating information from multiple data sources;
- Conduct analysis of network traffic and host activity across a wide array of technologies and platforms;
- Provide initial analysis of security intelligence feeds;
- Develop and provide a Cyber Threat Intelligence Report, Monthly Report and Quarterly Report and an Annual Report.
Interested candidates, please fill in the information, attach your CV and submit by clicking “apply for position now” Deadline is January 24, 2020.