Penetration Tester

  • Warszawa, POLAND
  • IT development

Job description



Atos is a global leader in digital transformation with 120,000 employees in 73 countries and annual revenue of € 13 billion. European number one in Cloud, Cybersecurity and High-Performance Computing, the Group provides end-to-end Orchestrated Hybrid Cloud, Big Data, Business Applications and Digital Workplace solutions through its Digital Transformation Factory, as well as transactional services through Worldline, the European leader in the payment industry. With its cutting-edge technologies and industry knowledge, Atos supports the digital transformation of its clients across all business sectors. The Group is the Worldwide Information Technology Partner for the Olympic & Paralympic Games and operates under the brands Atos, Atos Syntel, Unify and Worldline. Atos is listed on the CAC40 Paris stock index.

 

 

 

Your role in Atos - Job Description

 

The Cybersecurity Technical Auditor / Penetration Tester Expert role is a strongly technical position that supports on-site or remote information security and cybersecurity technical audits, including a penetration testing part, of customer on-premise or cloud network and infrastructure environments. The Cybersecurity Technical Auditor will work alone or with Atos or customer teams: Cybersecurity Application Security Technical Auditors/Penetration Testers, IT&N architects, development teams, and security incident response and security monitoring teams.

As a Cybersecurity Technical Auditor / Penetration Tester Expert you are a member of an ambitious international team that works in a strategic growth area for the best organizations in the sectors of Financial Services; Manufacturing, Retail & Transport; Public & Health; Telecommunication, Media and Utilities. Together you will distinguish yourselves through commitment and the quality of your audits and recommendations. As a member of a global team you operate independently or in collaboration with other entities and regions within Consulting or Atos itself. You will work on both large and dedicated security audit and compliance projects in the network and infrastructure domain, covering ISO 27001, NIST, the NIS Directive, ISF, OWASP, PCI-DSS, PTES and other industry-standard-specific audits, based on your IT technical knowledge.

You understand and carry out the technical aspects of various cybersecurity or GRC audits, with elements of post-incident analysis or forensics, technical failure investigations, etc. While conducting audits you use various penetration testing support software and tools, depending on the application technology. You are familiar with the importance of data security and are knowledgeable about IT operations and the security risks of these activities.

 

What Are We Looking For / Essential skills and competencies:

 

·  More than 5 years’ experience working in the role of technical security auditor or penetration tester, preferably supported by personal or company references from customers
·  Practical experience in the field of IT/Information Security is required.
·  Experience working in Financial Services; Manufacturing, Retail & Transport; Public & Health; Telecommunication, Media and Utilities
·  Master or bachelor’s degree in relevant areas (technical, IT studies preferred)
·  Several (the more the better) of the below security certifications related to security penetration testing:
·  Cisco-related certificates at expert or professional level, such as: CCIE Security, CCIE Collaboration, CCIE Data Center, CCIE Routing & Switching, CCIE Service Provider, CCIE Wireless, CCNP Cloud, or those of another network infrastructure vendor, etc.
·  OSCP (Offensive Security Certified Professional)
·  OSCE (Offensive Security Certified Expert)
·  GXPN (GIAC Exploit Researcher and Advanced Penetration Tester)
·  CISSP (Certified Information Systems Security Professional)
·  CISA (Certified Information Systems Auditor)
·  eWPT (eLearnSecurity Web Application Penetration Tester)
·  eMAPT (eLearnSecurity Mobile Application Penetration Tester)
·  OSWP (Offensive Security Wireless Professional)
·  CEH (EC-Council Certified Ethical Hacker)
·  CCLO (Cellebrite Certified Logical Operator)
·  CCPA (Cellebrite Certified Physical Analyst)
·  XWF (X-Ways Forensics)
·  Other security certifications such as SANS GSEC, ECSA, ECSP, OSCP, CompTIA Security+ or an equivalent certification are a plus
·  Number and list of network or infrastructure vulnerabilities disclosed within non-profit activities (i.e. Bug Bounty, Capture The Flag, etc.) and reported to institutions, including zero-day vulnerabilities. A place on a Hall of Fame list will be an additional asset.
·  Key competencies include (those could be complementary to other team members):
·  Red teaming (network attacks, social engineering tests, phishing campaigns) experience
·  Blue teaming experience (internal security team that defends against both real attackers and Red Teams)
·  Purple teaming experience (groups that exist to ensure and maximize the effectiveness of the Red and Blue teams)
·  Penetration testing experience:
·  Web applications (WWW), web services, e.g. SOAP
·  Network infrastructure, Wi-Fi
·  Mobile devices (tablets, phones), mobile applications (Android, iOS)
·  “Fat client” applications
·  SCADA systems, industry automation (IoT, Operational Technology)
·  Fuzzing
·  Source code audit (incl. code review tools, i.e. HP Fortify, Checkmarx, IBM AppScan)
·  Reverse engineering
·  Malware analysis
·  Threat hunting
·  Incident Response analysis and post-incident analysis
·  Cyber Threat Intelligence (CTI)
·  Forensics
·  SIEM, logs management analysis (quantitative and qualitative)
  - Splunk, ArcSight, McAfee SIEM, etc.
  - Security scenario design
  - Threat modelling for systems and applications 
·  Practical knowledge of the Penetration Network Framework and the tools listed at: http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
·  Practical knowledge of other methodologies: OWASP, PTES, PCI DSS.
·  Practical knowledge of several dedicated tools: Shodan, Recon-ng, dig, DMitry, theHarvester, Metagoofil, Fierce2, Qualys, nmap, CANVAS, Metasploit, Core Impact, Gleg’s Agora SCADA+ Pack, Social Engineering Toolkit (SET), Common User Password List (CUPP), Hashcat, OWASP ZAP, nmap NSE, OpenVAS, sqlmap, nikto2, w3af, SNMP Walk, JBroFuzz or wpscan, nmap, dirbuster, ike-scan, Unicornscan, p0f, xprobe, etc.
·  Criminal record clearance.
·  Expert witness – additional asset.
·  Excellent customer service and communication (oral / written) skills required.
·  Must be able to work independently or with a team, under minimum supervision, reporting to Project Manager of given assignment or Line Manager.
·  Fluent English is a must; intermediate or fluent German or French is a great plus
·  International mobility to serve and work with our global clients (50-100%) in Europe or on other continents. You are ready to travel up to 80-100%, on average 60%; there are also remote projects, depending on the assignment. Travel is mainly within Europe, but other continents are also possible.
·  EU work permit is a must, US visa is a plus
·  UK Security Clearance or UK citizenship – is a big plus
·  Location - anywhere in Poland close to an international airport.

We take care of your personal data privacy. You can find more information about the processing of your personal data within the recruitment process on our website: https://atos.net/pl/polska/gdpr

Make every future a success.