Senior Security Consultant – Organization Security

October 3

CENSUS

Cybersecurity

CENSUS is a cybersecurity company that provides in-depth security testing and advisory services. They offer a range of services including Tiger Team and Penetration Testing, comprehensive mobile app testing, and Secure Software Development Lifecycle (SDLC) practices. CENSUS engages in cybersecurity engineering to protect digital assets and infrastructures. They also focus on product and organization security, vulnerability research, and provide advisory services for various digital security challenges. CENSUS is actively involved in the cybersecurity community, participating in notable events like the Cybersecurity Financial Services Summit and the Autotech Europe Forum.

51 - 200 employees

🔒 Cybersecurity

📋 Description

• Conduct penetration tests (network, social, physical, adjacent, and more) that target Organizations, Networks, Application and Cloud infrastructure and evaluate their security defenses in-depth.
• Assess the security posture of applications (mobile, web / cloud, core networks, etc.) via functional testing, fuzz testing and other applicable methodologies.
• Review the security maturity of edge systems (IoT, kiosk terminals, operator terminals, etc.) that are interconnected via public or private networks.
• Conduct targeted research for the purposes of understanding a vendor specific technology, identify its security critical components, and prioritize impactful attack vectors.
• Document and present security risks & mitigation recommendations in both technical- and business-oriented language.

🎯 Requirements

• BSc or MSc in Electrical Engineering, Computer Science, Computer Engineering, or equivalent practical experience.
• 4+ years of experience in VAPT, IT security or application security (mobile, web front-end, backend, etc.) related roles.
• Proven experience in vulnerability assessment, penetration testing or security testing at the network, application, or system level.
• Active Directory and Cloud Infrastructure knowledge.
• Experience with Information Security fundamentals (risk management, security best practices, data protection, communication encryption, authentication, authorization, etc.) and cyber threats of modern systems & networks.
• Experience with the technologies and security controls present in application (web full-stack, WAF, EDR, data encryption, transport protection, etc.), network (firewalls, segmentation, IDS/IPS, VPN, etc.) and Windows / Linux system (privileges, roles/groups, AV/Endpoints, secret storage, etc.) architectures.
• Experience in identifying, exploiting, and reporting vulnerabilities in the context of Red Team / VAPT tasks (OWASP Web / Mobile Top10 vulnerabilities, access control, insecure configurations, secrets management, etc.).
• Experience in Active Directory Attacks (Pass-the-Hash, Pass-the-Ticket, Kerberoasting, Golden Ticket, Silver Ticket, DCSync, Credential dumping, Abuse of ACLs, Lateral movement via SMB, etc.).
• Experience in using pentest and other security related tools for information gathering, vulnerability discovery, exploitation, evasion, persistence, and pivoting in Cloud environments.
• Experience with authentication, authorization, role-based ACL, identity, and access management methods, such as OAuth, MFA, SSO, JWT, PKI, Cloud IAM, etc.
• Experience with basic cryptographic primitives, such as symmetric & asymmetric encryption, authenticated encryption, key derivation, and key exchange.
• Ability to monitor the current threat landscape and emerging threats, and follow their technical analysis and published exploitation techniques.
• Problem solving skills, analytical thinking, and willingness to learn/grow.
• Proficient in English and excellent communication skills.

🏖️ Benefits

• Flexible working arrangements
