Pentester (Senior) CÔNG TY TNHH AMARIS VIỆT NAM

ABOUT THE JOB

• Deliver targeted and intelligence-led security penetration testing and certification platforms through a robust testing methodology and process.
• Design and develop scripts, frameworks, tools, and the methods required for facilitating and executing complex attacks, emulating malicious actor behavior aimed at avoiding detection.
• Responsible for operating security penetration testing and internal tools, researching and analyzing vulnerabilities, identifying relevant threats, making and recommending corrective action recommendations, and summarizing and reporting results.
• Deliver continuous improvement through process re-engineering, technology transformation, integration, and exploitation to deliver optimized yet robust services to mitigate threats to the system.
• Manage and influence stakeholders in understanding risk exposure and containment measures from vulnerabilities.

Benefits

• 13th-month salary
• 14+ annual leaves per year
• Premium healthcare insurance, starting from your probationary period
• Project reviews and yearly performance appraisals
• Annual company trips
• Teambuilding activities: Team lunch/dinner, events, celebrations, sports clubs (football, yoga, badminton, etc.)
• International team with flexible working time + hybrid working
• Tailor-made career path
• Technical workshops and training courses
• Mobility: Opportunities to be on-site abroad in our offices in over 60+ countries

Equal Opportunity

Amaris Consulting is proud to be an equal opportunity workplace. We are committed to promoting diversity within the workforce and creating an inclusive working environment. For this purpose, we welcome applications from all qualified candidates, regardless of gender, sexual orientation, race, ethnicity, beliefs, age, marital status, disability, or other characteristics.

ABOUT YOU

• Academic degree in Cybersecurity, Information Technology, Computer Science, or related fields
• 5+ years of in-depth, hands-on working knowledge in penetration testing and vulnerability management in a global environment. Out of this a minimum of 3 years of professional experience as a lead penetration tester, reverse engineer, researcher, or threat analyst
• A self-starter, independent with minimal supervision and strong hands-on experiences in penetration testing for various tech stacks, including cloud environment
• Knowledge of the threat and vulnerability landscape, including malware, emerging threats, attacks, and vulnerability management
• Web, Mobile Applications, and Operating Systems exploitation or enumeration techniques utilized today range from injection, privilege escalation, buffer overflows, fuzzing, and scanning
• Programming languages such as Objective-C, Java, SWIFT, and Assembly, one/or more of the scripting languages, e.g., Perl, Python, PowerShell, or shell scripting
• IOS and Android reverse engineering, disassembling, decompiling, and root/jailbreak detection evasion
• Writing and demonstrating proof of concept work from an exploitation or attack perspective
• Building and employing modules and tailored payloads for common testing frameworks or tools
• Networking topologies, protocol usage, and enterprise hardware, including switches, routers, and firewalls, and their roles in security
• Access control methodologies, network/host intrusion detection, vulnerability management tools, patch management tools, penetration testing tools, and AV solutions
• Hardware hacking or building custom hardware for exploitation
• Experience in cloud security, especially AWS, and a good understanding of DevSecOps principles, including Continuous integration and continuous deployment practices (CI/CD)
• Experience in container and Kubernetes testing and working knowledge of security best practices
• Strong communication skills (oral and written)
• Ability to work in a fast-paced team environment
• Detailed-oriented, Strong deductive reasoning, critical thinking, and problem-solving skills
• A self-starter, independent with minimal supervision and strong hands-on experience in penetration testing for various tech stacks, including cloud environments.