We are looking for a Penetration Tester for our client based in Rome
Belgium – International Organisations
The Consultancy services is expected to be delivered in 2 parts:
Part I: penetration test on scope 1
Part II: penetration test:
- re test on scope 1 after mitigation by the client team
- penetration test on scope 2 (additional scope)
Part III: penetration test – re test after mitigation by the client team on scope 1 and 2
Both parts have to be structured in the following steps:
1. Penetration test on the infrastructure in scope, with a white box testing approach: the client willprovide the tester with:
- web application and web services endpoints
- information on the infrastructure so to maximize the tested attack surface
- application credentials for each endpoint that requires it
2. Hands-on penetration test on a live instance of the application in scope, with different level ofaccess provided (unauthenticated, normal user, privileged user).
3. Follow-up testing on mitigation actions.
For each of those parts, during field-work (remote or onsite), the consultant should deliver a daily statusreport, that comprises at least of:
- Carried out activities
At the end of each penetration test (part 1 and part 2), and within one week, the consultant has to delivera final report with technical analysis (including risk rating) and remedial recommendations for eachdiscovered weakness.
All consultants should have demonstrable analytical skills, knowledge and experience required to perform the ICP penetration test.
All consultants should have more than 5 years of experience in penetration testing and/or technicalsecurity reviews.
All consultant should have experience in pentesting critical web applications (e-banking, financial systems)for global organizations.
It is desirable that consultants are certified security professional.
All consultants must have excellent English communication skills and the ability to communicate thespecified solution back to the client as well as the technical/development and network infrastructureteams
Aleksandar Vasev +353 1 254 9727
+353 1 254 9727