CENSUS

Senior Security Consultant – Organization Security

CENSUS

contract

Posted on:

Location Type: Remote

Location: Remote • 🇬🇷 Greece

Visit company website
AI Apply
Apply

Job Level

Senior

Tech Stack

CloudFirewallsIoTLinux

About the role

  • Conduct penetration tests (network, social, physical, adjacent, and more) that target Organizations, Networks, Application and Cloud infrastructure and evaluate their security defenses in-depth.
  • Assess the security posture of applications (mobile, web / cloud, core networks, etc.) via functional testing, fuzz testing and other applicable methodologies.
  • Review the security maturity of edge systems (IoT, kiosk terminals, operator terminals, etc.) that are interconnected via public or private networks.
  • Conduct targeted research for the purposes of understanding a vendor specific technology, identify its security critical components, and prioritize impactful attack vectors.
  • Document and present security risks & mitigation recommendations in both technical- and business-oriented language.

Requirements

  • BSc or MSc. in Electrical Engineering, Computer Science, Computer Engineering, or equivalent practical experience.
  • 4+ years of experience in VAPT, IT security or application security (mobile, web front-end, backend, etc.) related roles.
  • Proven experience in vulnerability assessment, penetration testing or security testing at the network, application, or system level.
  • Active Directory and Cloud Infrastructure Knowledge
  • Experience with Information Security fundamentals (risk management, security best practices, data protection, communication encryption, authentication, authorization, etc.) and cyber threats of modern systems & networks.
  • Experience with the technologies and security controls present in application (web full-stack, WAF, EDR, data encryption, transport protection, etc.), network (firewalls, segmentation, IDS/IPS, VPN, etc.) and Windows / Linux system (privileges, roles/groups, AV/Endpoints, secret storage, etc.) architectures.
  • Experience in identifying, exploiting, and reporting vulnerabilities in the context of Red Team / VAPT tasks (OWASP Web / Mobile Top10 vulnerabilities, access control, insecure configurations, secrets management, etc.).
  • Experience in Active Directory Attacks (Pass-the-Hash, Pass-the-Ticket, Kerberoasting, Golden Ticket, Silver Ticket, DCSync, Credential dumping, Abuse of ACLs, Lateral movement via SMB, etc)
  • Experience in using pentest and other security related tools for information gathering, vulnerability discovery, exploitation, evasion, persistence, and pivoting in Cloud environments.
  • Experience with authentication, authorization, role-based ACL, identity, and access management methods, such as OAuth, MFA, SSO, JWT, PKI, Cloud IAM, etc.
  • Experience with basic cryptographic primitives, such as symmetric & asymmetric encryption, authenticated encryption, key derivation, and key exchange.
  • Ability to monitor the current threat landscape, emerging threads and follow their technical analysis and published exploitation techniques.
  • Problem solving skills, analytical thinking, and willingness to learn/grow.
  • Proficient in English and excellent communication skills.
Benefits
  • Flexible working arrangements

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills
penetration testingvulnerability assessmentsecurity testingrisk managementdata protectionauthenticationauthorizationcryptographycloud infrastructureinformation security
Soft skills
problem solvinganalytical thinkingwillingness to learncommunication