Security Test Engineer/Penetration Tester

SECURITY TEST ENGINEER/PENETRATION TESTER

If digital transformation, next-generation technology, and growth opportunities excite you, then join our Netcracker Technology team!  Our culture and collaborative work environment are the keys to our success.  Here you will work with the best in class global teams, earn a competitive salary and contribute to the largest digital transformations around the world. 
What’s in it for You?
At Netcracker, we are all entrepreneurs. This means we get creative when thinking of technical solutions, we explore possibilities and innovations and get excited about new technology.  We take complete ownership of our roles and aren’t micromanaged or left feeling like just another number. The results we achieve are highly visible to our leadership team and we are recognized for our work and promoted accordingly.
 

Requirements for candidates:

We are looking for experienced penetration testing specialists to join our application security team. The primary focus will be on regular security assessments of Netcracker product suite and customer solutions (self-service portals, CRM, rating and billing systems, cloud deployments). The role offers potential for growth both in technical domain and professionally.

What we are looking for:

• 2+ years of experience as a penetration tester
• Proven abilities to approach a black box and white box testing.
• Deep knowledge of OWASP top-10 vulnerabilities and attacks
• Perfect knowledge of OWASP methodology and web vulnerabilities – you can easily explain what it is and show how it works
• Hands-on experience with vulnerability scanners (static and dynamic) and frameworks, including but not limited to, OWASP ZAP, Burp, Nmap, Metasploit Framework and code scanners like CheckMarx SCA, Xray, CheckMarx
• Hands-on experience with API penetration testing of Rest/SOAP based interfaces
• Comfortable working with Microsoft Windows, MS Office, Linux, WSL, and CLI tools
• Strong analytical skills.

Job description:

• Discovering all information on system and solution exploitability (of Top 10 vulnerabilities categorized by OWASP, CWE/CVE like XSS, CSRF, SSRF, SQLi, RCE, XXE and uncommon HTTP Request Smuggling/Splitting, other) and security weaknesses from a variety of sources (technical documentation, source code, communication with project and development teams)
• Assessing of application and solution security controls against «black box», «grey box» and «white box» attacks using both manual and automated (DAST) penetration testing techniques
• Source code static analysis (client/server/database) for vulnerabilities with scanning tools - SAST
• Analysis and evaluation of 3rd party vulnerabilities as part of product implementation processes
• Prioritization of identified vulnerabilities accordingly to CVSS v.3.1 / v.4.0
• Assessment of findings with development teams, analysis, preparation and evaluation of mitigation options, resolution
• Analysis and evaluation of customer reports and 3rd party penetration test results
• Planning and tracking progress for assigned tasks
• Working in international team of professionals

What we offer:

• Competitive salary
• Medical insurance
• More than 300 hard and soft-skills programs by the corporate career development center
• Open environment and encouraging knowledge sharing culture
• Opportunity to practice foreign languages daily
• Flexible working hours and an opportunity to work remotely 

#LI-NB2