One of the leading Information Technology (IT) services companies in the Spanish market and one of the best companies to work for in Spain according to Forbes magazine.
Operating since 1975, our activity is focused on ICT consulting, infrastructure services, information systems integration, outsourcing and implementation of integrated business management solutions.
Present in the main sectors of activity: finance, insurance, industry, services, telecommunications, health, utilities and public administration, where we offer sector-specific solutions. We complete our offer with technological solutions such as Analytics and AI, ERP and CRM, process management (BPM), HR, mobility, content management (ECM), people management (HCM), SOA architectures, traceability, accessibility or cybersecurity, as well as Cloud Computing services.
After almost 50 years of activity, they have established themselves as one of the leading IT services companies with Spanish capital. We are currently 4,075 professionals and represent a turnover of 276 million euros.
Job Details:
Essential knowledge:
We are looking for a Penetration Test and Red Team specialist to join the Offensive security team
Academic Requirements:
Engineering in a technological field (Telecommunications, Computer Science or similar) or technological FPs High level of spoken and written English
Technical and professional experience required:
+2 years of experience running penetration tests and/or operating Red Team exercises
Working knowledge of networks, firewalls, protocols, systems, and security technologies/platforms.
Working knowledge in Microsoft Active Directory environments
Working knowledge in the identification, analysis and exploitation of vulnerabilities
Development and programming knowledge (min. 2 of the following): Python, C#, C++, GO, PS, etc.
Basic knowledge in methodologies and standards: PTES, OWASP, TIBER-EU
Desirable skills:
Valuable technical and professional experience:
Experience in OT, ICS or SCADA environments
Experience in PCI-DSS, SWIFT and/or PSD2 environments
Code auditing and hardening of systems and platforms
Certifications:
OSCP, OSEP, OSCE, OSWE, CRTP, CRTE, CRT, eWPTX, CRTO, or other similar and recognized .
Practical experience with standards, frameworks and regulatory compliance (ISO 27k1, PCI-DSS, HIPAA, ISA/IEC 62443, etc.)
Forensic Techniques and Incident Response
Publication in blogs, investigations or similar
Participation in security conferences
Participation and experience in CTF and bugbounties
Responsibility and functions:
Role and Responsibilities:
Execution of Red Team exercises based on threat intelligence (Emulation and Adversarial Simulation). Execution of Penetration Tests of multiple types:
External/Internal/Wireless, on IoT/IIoT ecosystems, ICS environments, WEB/API, mobile applications and code reviews.
Social engineering exercises:
Spear Phishing, Vishing and/or physical tests.
Vulnerability analysis, attack surface evaluation and security diagnostics on multiple environments. .
Purple Team tasks in the validation of analytics and detection mechanisms.
R+D+i and development and maintenance of Red Team infrastructure, toolkit and malware
Participation in the publication in blogs and technical workshops.Infrequently
Competencies and skills: Required skills:
Generation of quality reports and presentation of results to executive/technical audiences
Technical leadership skills
Ability both to work in large and multidisciplinary teams and to carry out projects independently
Self-management and reporting capabilities to project management
Disclaimer: Drjobpro.com is only a platform that connects job seekers and employers. Applicants are advised to conduct their own independent research into the credentials of the prospective employer.We always make certain that our clients do not endorse any request for money payments, thus we advise against sharing any personal or bank-related information with any third party. If you suspect fraud or malpractice, please contact us via contact us page.