Costa Rica


Sr. Penetration Tester


Job Summary:

The Senior Penetration Tester is performing penetration tests of IT Solutions created in house. Additionally, she/he creates security testing plans, recommends remediation actions and follows up on the remediation of the identified weaknesses.

Required Professional Expertise:

  • B.Sc. or M.Sc. in Information Technology or Information Security

  • Minimum 10 years of experience in IT Infra (less can be accepted if strong experience)

  • Minimum 5 (even 3 if a solid profile) years of professional experience as a Security Analyst, Penetration Tester, Penetration Tester. We can also consider Software Engineer with proven pen-testing experience.
  • Knowledge of penetration testing principles, tools, and techniques

  • Knowledge of system and application security threats and vulnerabilities

  • Knowledge of hardware and software reverse engineering concepts

  • Skill in using network analysis tools to identify vulnerabilities

  • Skill in conducting vulnerability scans and recognizing security vulnerabilities in IT Systems

  • Skill in the use of penetration testing tools and techniques

  • Skill in utilizing exploitation tools (e.g., web-proxies, fuzzers, packet sniffers, debug, etc.) to identify System/software vulnerabilities (penetration testing)

  • Skill in assessing the robustness of security systems and designs

Technical Skills:

  • Experience using Burp, Kali Linux. Top 1

  • Previous experience on web application testing methodology (ASVS), OWASP. Top 2

  • Expertise pentesting exploitation tools: Wireshark, Metasploit, PingCastle, BloodHound, nmap, Nessus, Hashcat, OWASP ZAP. Top 3

Bonus Points:

  • Relevant Information Security Certifications such as CEH, OSCP, eWPT

  • Participation in CTFs (Capture the Flag), Hackatons

Essential Duties and Responsibilities:

  • Define test procedures and test cases
  • Execute the tests
  • Manage reporting phase of the testing and ensure clarity of the reported findings:
  • Deliver clear and understandable reports for the business stakeholders
  • Follow up on the reported findings
  • Asses the security posture of the individual applications and infrastructure landscape
  • Developing automatic test environment and automatic tests (when required)
  • Provide support to other Information Security functions such as Vulnerability Management (e.g. assessing vulnerabilities) and Incident Management (in consulting capacity).