Senior Penetration Tester

About Luxoft
Luxoft, a DXC Technology Company (NYSE: DXC), is a digital strategy and software engineering firm providing bespoke technology solutions that drive business change for customers the world over. Acquired by U.S. company DXC Technology in 2019, Luxoft is a global operation in 44 cities and 23 countries with an international, agile workforce of nearly 18,000 people. It combines a unique blend of engineering excellence and deep industry expertise, helping over 425 global clients innovate in the areas of automotive, financial services, travel and hospitality, healthcare, life sciences, media and telecommunications. DXC Technology is a leading Fortune 500 IT services company which helps global companies run their mission critical systems. Together, DXC and Luxoft offer a differentiated customer-value proposition for digital transformation by combining Luxoft’s front-end digital capabilities with DXC’s expertise in IT modernization and integration. Follow our profile for regular updates and insights into technology and business needs.
​​​​​​​Luxoft Romania has been established since 2001. We currently have approximately 2500 employees working from different locations in the country.

Mandatory Skills Description:

• 3+ years of proven experience in penetration testing, vulnerability assessment, or related cybersecurity roles
• Certifications such as GIAC Penetration Tester Certification (GPEN), GIAC Web Application Penetration Tester (GWAPT), Offensive Security Certified Professional (OSCP), eCPPTv2 Certification or similar are highly desirable.
• Bachelor's degree in Computer Science, Information Security, or a related field.
• Strong understanding of network protocols, operating systems, and web application technologies
• Knowledge of GCP Cloud infrastructure and security best practices.
• Proficient in using penetration testing tools:
manual testing: proficiency in discovering vulnerabilities using the Burp Suite Professional, for web app assessments
automated tools: training for Invicti (Netsparker) or Veracode will be offered;
other tools needed: nmap, Gobuster, Postman, Crackmap exec, Metaspoit, Peass-NG suite
• Familiarity with the following frameworks and methodologies: OWASP Top-10, NIST 800-115 and SANS Top 25 vulnerabilities

Nice-to-Have Skills Description:

• Strong analytical and problem-solving skills with attention to detail.
• Effective communication skills to convey complex security concepts to both technical and non-technical stakeholders.

Project Description:

Join our Development Centre in Bucharest and become a member of our open-minded, progressive and professional team. In this role you will be working for one of our world-famous clients.
The Chief Security Office (CSO) of our client comprises the Chief Information Security Office (CISO) and the Corporate Security unit. The CISO organization guarantees information security for our client. The Information Security Operations teams enable the business of our client by providing agile security operational capabilities.
As a Penetration Tester, your primary responsibility is to assess and evaluate the security of computer systems, networks, and applications by simulating cyber-attacks. You will identify vulnerabilities, exploit weaknesses, and provide recommendations to enhance the overall security posture of our client.
The Penetration Testing Specialist helps the business focus on security vulnerabilities and flaws by applying industry standard methodologies for testing.
In our client's team you will continuously grow in an innovative and supportive environment.
On top of attractive salary and benefits package, Luxoft will invest into your professional training, and allow you to grow your professional career.

Responsibilities:

• Conduct comprehensive assessments of systems, networks, and applications to identify potential security vulnerabilities.
• Utilize both automated scanning tools and manual testing methodologies to ensure thorough coverage.
• Analyze and interpret the results of penetration tests to provide detailed reports outlining identified vulnerabilities, potential impacts, and recommended remediation strategies.
• Coordinate test findings with applicable technology, information security, and business groups.
• Create comprehensive and clear documentation of the testing process, findings, and recommendations.
• Stay up to date with the latest security threats, vulnerabilities, and industry best practices.
• Continuously update skills and knowledge to adapt to evolving cybersecurity landscapes.
• Ensure that penetration testing activities align with relevant regulatory requirements and industry standards.
• Assist in maintaining and improving the organization's compliance with security policies.