Penetration Tester

Job Requirements

Penetration Test Engineer – Product Cyber Security-

ESSENTIAL DUTIES AND RESPONSIBILITIES

• Conduct comprehensive security assessments of Wabtec products, including embedded devices, IoT devices, thick client applications, mobile and web applications, 
• Use penetration testing and Red Team techniques to discover and exploit vulnerabilities
• Create findings reports and communicate to stakeholders
• Perform compliance testing of embedded systems with respect to IEC-62443-4-2 standards
• Explore new ways to exploit devices by dumping and analyzing firmware (incl reverse engineering)
• Interact with and test JTAG, UART, and other hardware debug interfaces
• Provide guidance on vulnerability remediation to engineering teams
• Manage the penetration testing request process and backlog/pipeline 
• Recommend and implement improvements to testing processes and methodologies
• Support PSIRT and Vulnerability Disclosure processes and activities
• Promote security awareness through hacking demonstrations, CTF events ..
• Proactively perform threat hunting for any new vulnerabilities/risk associated with products and applications. 
• Be up to date with cybersecurity trends and share information on new exploits, vulnerabilities to the appropriate stakeholders. 
• Collaborate with cross-functional teams and stakeholders to identify and mitigate security risks.

Work Experience

QUALIFICATIONS & SKILLS:

• Bachelor's degree in computer science, cybersecurity, or a related field
• 4-6 years of experience in web, network and embedded/IoT applications penetration testing
• Strong expertise in various penetration testing techniques and attack frameworks such as MITRE ATTCK, PTES standards, fuzz testing, brute force attacks, OWASP top 10 tests, and more
• Hands-on experience with penetration testing tools including open-source tools, such as Metasploit and the Kali Linux tool set, Nessus, Qualys guard, nmap, Wireshark and Burp Suite etc.
• Demonstrate strong manual penetration testing skills and techniques that are required besides automated tools and frameworks
• Good understanding of embedded systems security testing including firmware security, secure configuration analysis, secure boot, physical port testing (USB, serial, CAN, wireless, etc.,)
• Knowledge of the secure SDLC and vulnerability/risk lifecycle
• Knowledge of common vulnerability frameworks such as CVSS, and OWASP top 10
• Experience with hardware debug tools and test equipment
• Solid understanding of network security and penetration testing methodologies
• Strong problem-solving and critical thinking skills
• Excellent communication and report writing abilities
• Certification in a relevant area such as OSCP, OSWP, GPEN, CPTC, or CPTE is highly desired
• Excellent communication and presentation skills 
• Ability to collaborate effectively as part of a global cross functional team, working independently with minimal supervision.