Careers

Job description

You would be supporting our clients to meticulously assess the security posture of their web applications and websites.

You would be required to have or develop a strong responsibility for your personal development, which would be supported by us.

Location: Remote

Levels: Entry-level to Senior

Useful knowledge

Good to have but not mandatory, basic to advanced knowledge of the following:

• Computer networking and how web applications support businesses.
• The HTTP protocol, popular web technologies and their associated vulnerabilities and issues.
• The various Penetration Testing approaches and methodologies, especially the OWASP Testing Guide, OWASP ASVS and other content from OWASP.
• PCI DSS - The Payment Card Industry Data Security Standard
• General knowledge of NIST's Security Standards.
• Vulnerability databases and rating schemes and how it applies to Penetration Testing. e.g. NVD, CVE, CVSS

Useful skills

Good to have but not mandatory, basic to advanced skills of the following:

• Practical experience in Penetration Testing or Web Development.
• Experience using, administering, and troubleshooting Linux and Windows web related environments.
• Practical experience using web security tools like proxies, web vulnerability scanners. Burp Suite, Nessus, Nmap, and Metasploit
• Practical experience using common security tools. e.g. nmap, sslscan, dirbuster, hydra, Metasploit.
• Practical experience using a programming language. Ideally: Python, Ruby, Bash, PHP, Perl, C, or C++
• Good written, verbal and presentational communication skills as part of collaborating with clients and team members towards developing the business.

Qualifications

Good to have but not mandatory.

• OSCP, OSCE
• eJPT, eWPT, eWPTX, eCPTX, eCPPT, eNDP, eWDP
• Pentest+, Security+
• GPEN, GWAPT, or GXPM
• SSCP, CISSP, CSSLP
• ASc., BSc.

Perks

• Healthy work-life balance
• Flexible working environment
• Training opportunities
• Qualification sponsorship
• Negotiable support
• Collaborative, creative, and positive culture
• Incentive system
• Competitive remuneration

Job description

You would be supporting our clients to simulate attacks against their corporate IT network to identfy security vulnerabilities and issues.

You would be required to have or develop a strong responsibility for your personal development, which would be supported by us.

Location: Remote

Levels: Entry-level to Senior

Useful knowledge

Good to have but not mandatory, basic to advanced knowledge of the following:

• Computer networking and how web applications support businesses.
• The HTTP protocol, popular web technologies and their associated vulnerabilities and issues.
• The various Penetration Testing approaches and methodologies, especially the OWASP Testing Guide, OWASP ASVS and other content from OWASP.
• PCI DSS - The Payment Card Industry Data Security Standard
• General knowledge of NIST's Security Standards.
• Vulnerability databases and rating schemes and how it applies to Penetration Testing. e.g. NVD, CVE, CVSS

Useful skills

Good to have but not mandatory, basic to advanced skills of the following:

• Practical experience in Penetration Testing or Web Development.
• Practical experience using open source and commercial security assessment tools (e.g. Core Impact, Nmap, Metasploit, and Nessus).
• Experience using, administering, and troubleshooting Linux and Windows web related environments.
• Practical experience using security OSs and tools. e.g. Kali Linux, Nexpose, Nessus, Burp Suite, Core Impact, Metasploit, etc.
• Practical experience using common security tools. e.g. nmap, sslscan, dirbuster, hydra, Metasploit.
• Practical experience using a programming language. Ideally: Python, Ruby, Bash, PHP, Perl, C, or C++

Responsibilities

• Identify and validate new security vulnerabilities and issues.
• Assess the adequacy and effectiveness of existing security controls.
• Report findings with clarity, relevance and impact for clients.
• Devises plans and scenarios for various types of penetration tests
• Supports developing Rules of Engagement, scoping documents and reports.
• Contribute to developing test cases where necessary to support our different security testing and assessment services.
• Selects, installs, and configures security testing platforms and tools or develop tools and procedures for penetration tests
• Maintain good security awareness, stay informed of current industry developments, vulnerabilities, and opportunities.
• Document and organise project tasks and findings appropriately, clearly, and accurately to support internal reviews and quality assurance.

Qualifications

Good to have but not mandatory.

• OSCP, OSCE
• eJPT, eWPT, eWPTX, eCPTX, eCPPT, eNDP, eWDP
• Pentest+, Security+
• GPEN, GWAPT, or GXPM
• SSCP, CISSP, CSSLP
• ASc., BSc.

Perks

• Healthy work-life balance
• Flexible working environment
• Training opportunities
• Qualification sponsorship
• Negotiable support
• Collaborative, creative, and positive culture
• Incentive system
• Competitive remuneration

Job description

You would be supporting to research both offensive and defensive Cyber Security, cyber crime, malware, and develop our internal security intelligence for both internal and external purposes.

You would be required to have or develop a strong responsibility for your personal development, which would be supported by us.

Location: Remote

Levels: Entry-level to Senior

Useful knowledge

Good to have but not mandatory, basic to advanced knowledge of the following:

• Computer networking and how web applications support businesses.
• The HTTP protocol, popular web technologies and their associated vulnerabilities and issues.
• The various Penetration Testing approaches and methodologies, especially the OWASP Testing Guide, OWASP ASVS and other content from OWASP.
• PCI DSS - The Payment Card Industry Data Security Standard
• General knowledge of NIST's Security Standards.

Useful skills

Good to have but not mandatory, basic to advanced skills of the following:

• Practical experience in reverse engineering tools (disassemblers, decompilers, debuggers) and processes (unpacking malware, reconstructing code logic, etc), Security Administration, Penetration Testing, or Web Development.
• Experience using, administering, and troubleshooting Linux and Windows environments.
• Practical experience using security OSs and tools. e.g. Kali Linux, Nexpose, Nessus, Burp Suite, Core Impact, Metasploit, etc.
• Practical experience using common security tools. e.g. nmap, sslscan, dirbuster, hydra, Metasploit.
• Practical experience using a programming language. Ideally: Python, Ruby, Bash, PHP, Perl, C, or C++
• Document and organise project tasks and findings appropriately, clearly, and accurately to support internal reviews and quality assurance.

Responsibilities

• Produce high-quality threat intelligence reporting for different audiences, including actionable mitigation and detection guidance.
• Identify and validate new security vulnerabilities and issues.
• Assess the adequacy and effectiveness of existing security controls.
• Report findings with clarity, relevance and impact for clients.
• Contribute to developing test cases where necessary to support our different security testing and assessment services.
• Document and organise project tasks and findings appropriately, clearly, and accurately to support internal reviews and quality assurance.
• Maintain good security awareness, stay informed of current industry developments, vulnerabilities, and opportunities.

Qualifications

Good to have but not mandatory.

• OSCP, OSCE
• eJPT, eWPT, eWPTX, eCPTX, eCPPT, eNDP, eWDP
• Pentest+, Security+
• GPEN, GWAPT, or GXPM
• SSCP, CISSP, CSSLP
• ASc., BSc.

Perks

• Healthy work-life balance
• Flexible working environment
• Training opportunities
• Qualification sponsorship
• Negotiable support
• Collaborative, creative, and positive culture
• Incentive system
• Competitive remuneration

Job description

You would be supporting our clients to meticulously assess the security posture of their web applications and websites.

You would be required to have or develop a strong responsibility for your personal development, which would be supported by us.

Location: Remote

Levels: Entry-level to Senior

Useful knowledge

Good to have but not mandatory, basic to advanced knowledge of the following:

• General and broad knowledge of computer networking, infrastructure and devices.
• General and broad knowledge of security processes, roles and functions.
• General and broad knowledge of security frameworks and methodologies.
• General and broad knowledge of web technologies

Useful skills

Good to have but not mandatory, basic to advanced skills of the following:

• Disciplined and organised in your approach to work.
• Creative and innovative towards finding solutions to both technical and non-technical issues.
• Writes, speaks and presents well.
• Embraces the process to research and document findings in a relevant way.

Responsibilities

• Monitor, evaluate and analyze security incidents.
• Collaborate in how we design, implement and optimize our security operations
• Continuously improve the security of our IT infrastructure
• Administer security awareness sessions for clients.
• Document and continuously update security processes, and guides.
• Assess the security of related third-parties and collaborate with them to meet security requirements.

Qualifications

Good to have but not mandatory.

• OSCP, OSCE
• eJPT, eWPT, eWPTX, eCPTX, eCPPT, eNDP, eWDP
• Pentest+, Security+
• GPEN, GWAPT, or GXPM
• SSCP, CISSP, CSSLP
• ASc., BSc.

Perks

• Healthy work-life balance
• Flexible working environment
• Training opportunities
• Qualification sponsorship
• Negotiable support
• Collaborative, creative, and positive culture
• Incentive system
• Competitive remuneration

Job description

You would be supporting our clients to assess business risk and their relation to security compliance requirements.

You would be required to have or develop a strong responsibility for your personal development, which would be supported by us.

Location: Remote

Levels: Entry-level to Senior

Useful knowledge

Good to have but not mandatory, basic to advanced knowledge of the following:

• Functional knowledge of privacy and security compliance requirements and standards (GDPR, PCI, SOX, HIPAA)
• Functional knowledge of risk management processes, frameworks, and approaches. (e.g. NIST RMF, ISACA Risk IT, ISO/IEC 27005)
• General knowledge of IT Governance frameworks and approaches (e.g. COBIT, TOGAF, COSO)
• General knowledge of computer networking, infrastructure and devices.
• General knowledge of security processes, roles and functions.
• General knowledge of security frameworks and methodologies.
• General and broad knowledge of web technologies

Useful skills

Good to have but not mandatory, basic to advanced skills of the following:

• Practical experience in assessing various forms of business risk.
• Practical experience designing high-level controls to address forms of business risk.
• Experience using, administering, or troubleshooting Linux and Windows environments.

Responsibilities

• Collaborate with clients to help assess risk and compliance exposures and obligations for both laws and regulations.
• Collaborate with clients to perform detailed risk, privacy and compliance assessment supported by concise impactful risk reduction recommendations to guide their business initiatives.
• Participate in meetings with clients covering functional and technical requirements.
• Work with architecture teams to understand enterprise solutions and impacts on security controls.
• Document and organise project tasks and findings appropriately, clearly, and accurately to support internal reviews and quality assurance.
• Maintain good security awareness, stay informed of current industry developments, vulnerabilities, and opportunities.

Qualifications

Good to have but not mandatory.

• CIPP, CIPM, CIPT
• Security+
• SSCP
• ASc., BSc., MSc.

Perks

• Healthy work-life balance
• Flexible working environment
• Training opportunities
• Qualification sponsorship
• Negotiable support
• Collaborative, creative, and positive culture
• Incentive system
• Competitive remuneration