PCI DSS (regular)
About the position: Conducting penetration tests, auditing web sites and the PCI DSS segment, handling web- and mobile-related security incidents, and writing internal information security documents.
- Conducting audits of web and mobile applications against OWASP security requirements and information security standards.
- Conducting penetration tests in accordance with the PCI DSS standard.
- Analysing architectural solutions for compliance with information security standards when company systems are implemented.
- Giving presentations on information security topics to internal users.
- Participating in information security incident investigations.
- Handling internal user requests for application penetration testing.
- Participating in web and mobile development projects to assess their information security level.
- Carrying out other assignments from the direct supervisor within the scope of the position.
Experience: 3-5 years
Language skills: Ukrainian – upper intermediate; English verbal/written – upper intermediate; technical reading/writing – fluent.
PC skills: Advanced PC user: MS Excel, PowerPoint, Outlook, Project (preferred), Word, Jira.
- Perform authorised and black-box security tests on computer systems to expose weaknesses that could be exploited by criminals (CTF experience is welcome)
- OWASP Top 10 and PCI DSS compliance testing for Windows, Linux and macOS; web-based interface checks; mobile application testing
- Tools: vulnerability scanners (Nessus), Kali Linux tools, Netsparker, Burp Suite, SonarQube
- Embedded computer systems
- Web/mobile application and database security testing
- Understanding of *nix and Windows security hardening and attack techniques; knowledge of SCADA (supervisory control and data acquisition) systems security, wireless and mobile (3G-5G) network security, and Internet of Things (IoT) security
- Programming languages: any scripting language (Python, Perl, Bash or other) and object-oriented programming skills
- Ability to read code and write automated security checks for APIs (JSON, REST, SOAP)
- Understanding of network and organisational security basics
- Experience of software development and server administration
- Understanding of basic attack vectors on software applications
- Experience in discovering information security threats and detecting malware
- A certification is a plus: Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH)
- Knowledge of and ability to support the company's security infrastructure (SIEM, DLP, Traps, etc.)