Penetration Tester

Procter & Gamble's Information Security Protect organization focuses on simulating threat actor behaviors to improve security controls across the enterprise. The company operates globally with a portfolio of trusted brands and has operations in approximately 70 countries.

Required:

• BA or BS degree in Information Security, Cyber Security, Computer Science, or related field (OR 2+ years of relevant experience in lieu of a degree).
• 2+ years of experience performing security testing.
• Ability to automate tasks by writing basic scripts/programs in at least 1 language (Python, PowerShell, C#, Assembly languages, etc.).
• Basic level command-line experience with Linux-based operating systems.
• Experience in exploiting weaknesses in 2 or more of the following domains: enterprise applications, web applications, mobile applications, databases, infrastructure, IoT devices, network and cloud infrastructure, server, mainframe, and directory services.
• Ability to read and understand programming languages.
• Basic hands-on experience with at least one of the major cloud providers (GCP, AWS, Azure).
• Basic familiarity with multiple operating systems, minimally Windows and Linux.
• An adversarial mindset.
• Communication skills (written and verbal) with an ability to articulate complex topics clearly.

Preferred Skills:

• One or more penetration testing certifications (OSCP, OSWE, GPEN, GXPN, GWAPT, etc.).
• Publicly released tools or modules.
• Experience in CTF competitions or Bug Bounty programs.
• Experience in mobile (iOS/Android) application development/assessment.
• Experience in Internet of Things (IoT) security and exploitation.

• Consult, design, and execute adversary simulation scenarios.
• Perform manual penetration tests of websites, services, infrastructure, networks, IoT Devices, and mobile applications to discover and exploit vulnerabilities.
• Work with cross functional teams to develop remediation suggestions based on scenario outcomes.
• Report observations using a standardized reporting structure.
• Bypass preventative and detective security controls to accomplish scenario goals.
• Conduct research into real-world threat actor tactics, techniques, and procedures to develop proof of concept tools.
• Investigate findings from the Vulnerability Disclosure Program.
• Partner with Cyber Defense Protect, Detect and Respond teams to operationalize new Cyber Security concepts and processes.
• Identify areas for team process improvement.

Employment is exclusively extended on the basis of an "Umowa o Pracę" (Full-time Employment Contract). Apply only if you agree to these conditions. Equal opportunity employer statement included.