Penetration Tester
Brak informacji o wynagrodzeniu
MidFull-time·Umowa o pracę
#383928·Dodano dziś·0
Źródło: justjoin.itTech Stack / Keywords
Burp Suite ProfessionalCaidopenetration testingapplication security testingvulnerability validationOffensive SecurityPythonPowershell
Firma i stanowisko
The Information Security Protect organization at Procter & Gamble is responsible for simulating threat actor behaviors to improve applications, systems, detection, and response capabilities by regularly testing security controls across the enterprise.
Wymagania
Qualifications (Required):
- Bachelor's degree or equivalent in Information Security, Cybersecurity, Computer Science, or related field, or 2+ years relevant experience.
- Over 2 years experience in penetration testing, application security testing, vulnerability validation, or offensive security.
- Ability to lead defined-scope penetration tests and escalate complex or high-risk issues.
- Experience with vulnerabilities in 2+ domains such as web apps, APIs, mobile apps, cloud infrastructure, databases, networks, servers, IoT, identity platforms, or AI systems.
- Ability to automate tasks using languages like Python, PowerShell, Bash, Go, C#, or JavaScript.
- Basic Linux command-line experience and familiarity with Windows environments.
- Ability to read and understand code to identify security-related logic.
- Basic hands-on experience with at least one major cloud provider (GCP, AWS, or Azure).
- Adversarial mindset with strict adherence to rules of engagement.
- Clear written and verbal communication skills.
Qualifications (Preferred Skills):
- Penetration testing or security certifications such as OSCP, OSWE, GPEN, GXPN, GWAPT, PNPT, or eJPT.
- Experience with CTFs, Bug Bounty programs, Vulnerability Disclosure Programs, or public technical write-ups.
- Experience using AI tools for reconnaissance, code review, vulnerability triage, or reporting.
- Exposure to testing AI-enabled applications, LLM systems, AI agents, or related workflows.
- Experience with mobile, IoT, embedded systems, firmware, reverse engineering, or hardware security testing.
- Exposure to cloud and identity attack paths including SSO, MFA, OAuth, IAM, secrets exposure, conditional access, or privilege escalation.
- Familiarity with tools such as Burp Suite, Nmap, Metasploit, Frida, Ghidra, IDA, BloodHound, or cloud security testing tools.
- Curiosity, humility, and desire to improve technical depth and reporting quality.
Obowiązki
- Lead penetration tests across websites, services, APIs, infrastructure, cloud environments, networks, IoT devices, mobile applications, and enterprise applications.
- Partner with Intake Management, senior testers, and stakeholders to confirm objectives and engagement readiness.
- Execute reconnaissance, vulnerability discovery, exploitation, evidence collection, reporting, and remediation validation.
- Identify, validate, exploit, and document security vulnerabilities within approved scope.
- Validate related vulnerabilities to demonstrate realistic impact and escalate complex attack chains.
- Test for control gaps and document weaknesses in preventative or detective controls.
- Investigate and validate findings from Vulnerability Disclosure Programs and Bug Bounty initiatives.
- Collaborate with engineering, product, cloud, infrastructure, and security teams to explain findings and support remediation.
- Utilize approved scripts, templates, automation, and AI-assisted workflows to enhance testing efficiency and reporting.
- Assist with testing AI-enabled applications and integrations for security risks.
- Produce standardized reports with reproduction steps, evidence, impact, affected systems, and remediation guidance.
- Contribute to team knowledge sharing, documentation, test notes, templates, and process feedback.
Benefity
- Work on P&G-sized projects with access to leading IT partners and technologies from day one.
- Wide range of self-development opportunities including training and certification paths.
- Competitive starting salary and benefits including private health care, P&G stock, saving plans, and sport cards.
- Regular salary increases and potential promotions based on performance.
- Opportunity to change roles every few years for career growth.
- Hybrid work model allowing two days remote work and three days in the office weekly.
Opieka zdrowotna
Udziały pracownicze
Karta sportowa
Inne informacje
Employment is exclusively on the basis of a full-time employment contract (Umowa o Pracę). Apply only if you agree to these conditions.
Procter & Gamble
25 aktywnych ofert