We are looking for a Penetration tester to work for us REMOTELY.
Penetration Testing aims to provide a safe communication and information infrastructure for the Contracting EU-Is' user community and information systems by proactively assessing the security of the Contracting EU-Is' infrastructure by purposefully attacking its systems, networks, services and applications.
This service involves a sound preparation to scope the penetration test and to agree on the rules of engagement with the relevant system's stakeholders.
Penetration Testing service encompasses the set of standards, processes, tools, technology and skilled staff to proac-tively assess the security posture of a given ICT infrastructure by purposefully attacking its systems, networks, ser-vices and applications.
- Establishing a clear scope for the penetration test based on specific and measurable rules of engagement
- Preparing, planning and coordinating the execution of the tests
- Scanning and probing targets
- Determining the feasibility of a particular set of attack vectors
- Attacking and exploiting targets in line with the rules of engagement with the aim of proving the true feasibility of one or several killing chains
- Identifying higher-risk vulnerabilities that result from a combination of lower-risk vulnerabilities exploited in a particular sequence
- Identifying vulnerabilities that may be difficult or impossible to detect with automated network or application vulnerability scanning software
- Assessing the magnitude of potential business and operational impacts of successful attacks
- Testing the ability of network defenders to successfully detect and respond to the attacks
- Performing risk, impact and damage assessments
- Providing intermediate reports on regular basis
- Providing recommendations such as mitigating the identified exploitable vulnerabilities
- Drafting penetration testing reports tailored for management and technical peers
- Maintenance and continuous improvement of the penetration testing toolkit
- Interfacing with other experts
- Technology watch
- Contribution to awareness trainings
- Scoping of penetration tests
- Planning of penetration tests
- Execution of penetration tests
- Vulnerability Assessment
- Security Assessments and Audits
At least 1 certification among:
GPEN (GIAC Certified Penetration Tester)
GWAPT (GIAC Certified Web Application* Penetra-tion Tester)*
CEH (EC-Council Certified Penetration Tester)
or an equivalent certification recognized international-ly (subject to acceptance as a valid credential by the Con-tracting EU-I)
The following documents / procedures will be requested to successfully complete the hiring process:
- A copy of your university degree(s)
- A copy of your criminal record
- Security Clearance Procedure
WHO ARE WE?
CRI Group belongs to VASS GROUP as of November 2021 (https://vasscompany.com/en/).
VASS is a leading digital solutions group of companies headquartered in Madrid, Spain, present in 25 countries in Europe, the Americas and Asia with more than 4,300 professionals.
VASS helps large companies in their digital transformation process, developing and executing the most innovative and scalable projects, from strategy to operations.
All our growth comes from our talented people, passion for innovation, and a constant search for improvement, always the VASS way: “Complex made simple”.