Security Engineer - Penetration Tester

• Perform manual penetration tests of websites, services, infrastructure, and networks to discover and
• exploit vulnerabilities
• Clearly document and communicate findings and remediation recommendations to the
• application/service owners
• Liaise with internal stakeholders to ensure timely delivery of security assessments
• Perform regular VA/PT of web, mobile and desktop applications
• Identify the internet exposure of our operating companies and constantly evaluate the security posture
• Document vulnerabilities, impact, and recommendations in a systematic manner
• Take on security challenges, take ownership of them and drive them to completion

• 3+ years of experience performing vulnerability assessments and penetration testing on
• Web/Mobile/Desktop applications
• Excellent understanding of OWASP Top 10 vulnerabilities and its mitigations
• Clear understanding of networking fundamentals: OSI layers, TCP/IP, protocols, etc.
• Experience working on a GNU/Linux based penetration testing operating system and the command line
• (such as Kali Linux, Parrot, BlackArch, etc.)
• Experience with automation scripting and fluent in at least one programming/scripting language
• Experience working on open-source and commercial tools like Burp Suite, OWASP ZAP, Nessus, etc.
• Good spoken and written English skills

• Security certifications: OSCP, OSCE, CRTP, GIAC certs or equivalent
• Knowledge of Windows penetration testing: Active Directory, Azure AD
• CVE publications, knowledge of exploit development
• Talks/workshops organized at security conferences
• Excellent bug bounty track record
• Open-source contributions made to security tools, scripts & solutions
• Development background and code review capabilities
• Experience with ICS/IoT penetration testing

Axiata Digital Labs