Security Tester and evaluator

We are looking for a skilled Security Tester and Evaluator to evaluate and conduct security testing for applications and systems. In this role, you will support threat modelling and security assurance activities in collaboration with the security team. As a security tester and evaluator, you will be responsible for designing and creating appropriate test strategies and test plans for systems and applications of our customers based on the security assurance profiles. Additionally, you will conduct and execute test plans using various security testing and assessments methods and techniques to identify vulnerabilities and ensure full coverage. Finally, you will propose a mitigation plans to mitigate identified vulnerabilities and strengthen the level of security of the target system.

About SeCORE:

SeCore Information Security Limited is an innovative cybersecurity company specializing in AI-driven, quantitative security assessment solutions. Our cutting-edge platform empowers businesses to enhance their security posture, achieve multi-standard compliance, and mitigate cyber risks efficiently. Join our dynamic team and be part of a groundbreaking journey in revolutionizing digital security.

Key Responsibility:

1. Design and create testing plans and evaluation strategies that are connected to the identified security threats and assurance requirements. These include evaluation objectives, the testing scope, testing approaches and techniques, testing environment etc.
2. Design and create a list of test cases and test scenarios that based on the identified testing plan and strategy.
3. Conduct manual and automated security tests in order to evaluate and assess the security of applications and systems in different domain, e.g., web applications, mobile applications, APIs, networks, IoT application and cloud environments, and various sectors, like healthcare, insurance, finance, etc.
4. Design and suggest a mitigation plan that consists of different measures and controls to mitigate and overcome the identified risks and vulnerabilities.


Requirements:
1. Proven experience in security testing, penetration testing, or ethical hacking.
2. Strong knowledge of network security, web security, cryptography, operating systems and secure coding practices.
3. Hands-on experience with security testing tools and scripting (Python, Bash, PowerShell, etc.).
4. Familiarity with SOC 2, ISO 27001, NIST, OWASP, MITRE ATT&CK, SDLC frameworks.
5. Ability to write detailed, professional security assessment reports.
6. Strong problem-solving skills, analytical mindset, excellent communication skills and the ability to work in teams and to explain complex security concepts to non-technical stakeholders.

Preferred Certifications (Not Mandatory but a Plus):
GWAPT (GIAC Web Application Penetration Tester)
CPT (Certified Penetration Tester)
CEH (Certified Ethical Hacker)
GPEN (GIAC Penetration Tester)
CPT (Certified Penetration Tester)