Senior Penetration Tester

This job is no longer active!


Employer: Key Talents
Field: IT Software
Job type: full-time
Job level: 1 - 5 years of experience
Cities: BUCURESTI
Updated on: 01.05.2023
Remote work: On-site

    Short company description

    We build strong relationships based on the highest level of integrity and quality.
    Key Talents provides a varied range of services to companies and individuals, focusing on recruitment, training, career advisory, QA audit, IT consultancy services, and QA training delivered for individuals or clients' internal teams.

    Requirements

    Threat Modeling
    • 2-3 years of threat modelling experience. Familiarity with threat modelling methodologies such as STRIDE or PASTA.

    Web application / API Penetration Testing
    • Expert level understanding of application security concepts at both technical and procedural level
    • Expert level understanding and exploitation skills for web application vulnerabilities (OWASP: SQLi, XSS, CSRF, XXE, IDOR, SSRF, etc.)
    • Expertise in at least one of the following DAST tools (AppScan, Burp Suite, Acunetix, WebInspect, etc.)
    • Experience of creating attack trees/chains
    • Experience of automating penetration testing tasks such as importing API specs (Swagger, OpenAPI, etc.) into pen testing tools
    • Understanding of (the technical aspects of) penetration testing and results (including scoping and organizing of pen tests, use of vulnerability scanners, vulnerability management tools)

    Secure SDLC
    • Good understanding of application security tooling integration with CI/CD pipelines of applications
    • Good understanding of how git works; good to have experience of GitLab CI/CD
    • Ability to read code (Perl, Java, JS) and identify vulnerabilities
    • Ability to provide remediation recommendations to developers

    Infrastructure and Cloud Penetration Testing
    • 3+ years’ experience of performing penetration tests for infrastructure and network
    • Good understanding of Kubernetes and virtualization technologies
    • Expert level understanding of vulnerabilities and exploitation techniques (such as RCE, buffer overflows, subdomain takeover, DNS exfiltration, privilege escalation, etc.)
    • Hands-on security experience of performing cloud security reviews for at least one of the following cloud platforms (AWS, GCP, Azure)

    Manage Penetration Testing Lab
    • Experience of creating and managing penetration testing lab/infrastructure

    Desirable:
    • 7+ years of experience in information security
    • 5+ years of relevant hands-on experience in offensive security testing and engagement management
    • Expertise in at least one of the following areas: (Web) application security, infrastructure and cloud security, mobile security
    • Excellence in communicating business risk and remediation requirements from assessments
    • Excellent stakeholder management skills
    • Proficient in scripting languages such as Python, PowerShell, Bash, and Ruby
    • Competent with testing frameworks and tools
    • Understanding of OWASP, the MITRE ATT&CK framework and the software development lifecycle (SDLC)
    • Analytical and problem-solving mindset
    • Highly organized and efficient

    Desirable:
    • Experience in offensive tactics
    • Software development experience
    • Experience with using tools such as Burp Suite, AppScan, Acunetix, ZAP, WebInspect, Metasploit, Nessus / Qualys and OSINT tools
    • One or more of the following certifications: OSCP, OSCE, GPEN, GWAPT, CEH, CISSP or a similar recognized certification in their domain of expertise

    Responsibilities

    Defines and leads the execution of highly technical penetration tests and security assurance engagements that deliver value to our client by independently performing hands-on, detailed technical tests without requiring supervision.
    Owns the design of new technical testing engagements to best serve the current and future needs of the organization, being able to adapt industry best practices to the local technical and cultural environment.
    Owns the responsibility to ensure that the budget allocated to pen testing activities performed by external vendors delivers the necessary value and results in a good return on investment.
    Actively contributes to the mid- and long-term security assurance strategic plan definition by introducing domain expertise insights and ensuring the plan is effective and impactful.
    Grows the security assurance area of focus within security by understanding the current and target security posture of the business and identifying the skills and resources needed to effectively deliver on those needs.
    Mentors junior and core penetration testers, driving their career growth within this highly specialized technical craft.

    Provides deep technical expertise to the business in the following highly specialized domains:
    1. Threat modelling
    2. Web application / API penetration Testing
    3. Mobile application penetration testing
    4. Infrastructure and cloud penetration testing
    5. Purple team assessments

    Provides guidance and recommendations to teams, taking into account the current state of their technical environment, their future roadmap and strategy, and the risk associated with the underlying findings and vulnerabilities.
    Keeps up to date with the latest developments in vulnerabilities and threats within their domain of expertise, using this to assess the security posture against new trends and attacks.
    Drives and coordinates multi-disciplined teams (including internal testers, external contractors, engagement managers) to conduct and successfully deliver pentest engagements of booking systems and services.
    Drives the reporting of penetration test outcomes by drafting, disseminating, and presenting them to technical and non-technical stakeholders at multiple levels (junior analyst to leadership team).
    Collaborates and coordinates with cross-functional technical and non-technical stakeholders to achieve a successful testing engagement that delivers critical security value.
    Supports the cross-brand security assurance program throughout by engaging with key security personnel (CISOs to engineers).
    Mentors and trains non-pentesters, such as developers and other technical roles, in the relevant aspects of penetration testing and vulnerability identification to scale their impact.

    Other information

    Contributing to a high-scale, complex, world-renowned product and seeing the real-time impact of your work on millions of travelers worldwide
    Working in a fast-paced and performance-driven culture
    Technical, behavioral and interpersonal competence advancement via on-the-job opportunities, experimental projects, hackathons, conferences and active community participation
    Competitive compensation and benefits package
    Vast amounts of data to validate your ideas and the opportunity to experiment with real users.
