Fulltime, Parttime
Estonia, Home Office, Remote, Switzerland
Posted 3 Monaten ago

Rocketlab has been working for Swiss, German and international companies for 20 years at the intersection between culture and technology. Over 100 experts spread over the globe develop, test and define products for our clients.

Innovation, operative excellence and appreciation to our employees influence the QA department of Rocketlab. We invest continuously in the development of our existing IT landscape and offer through progressive thinking and efficiency the best possible service to our business units.

To support our strategy, we are looking for the best talents who are willing to shape this challenging journey with us. If this appeals to you, then you should contact us.

Rocketlab . Shifting culture . shaping experiences.

Penetration Tester

Always be ahead of ...

We have a tremendous remote opportunity for a Penetration Tester to join our growing Enterprise Risk Management (ERM) team. This hands-on role would involve performing external, internal, and social engineering engagements for our clients.

Skillset

Cobalt Strike, Empire, Metasploit, Burp
OWASP, OSSTMM, NIST, ...
Applicable certifications: OSCP/E, GWAPT, GPEN, GXPN, ...
Powershell, Python, C#, Java, ...

YOUR CHALLENGE

  • Identify client objectives and plan accordingly
  • Perform pre-engagement tasks such as:
    • select/prepare tools
    • build pretexts, payloads, and delivery mechanisms
    • prepare support infrastructure
    • purchase domain name(s)
  • Execute phases of testing based on type of engagement, which may include reconnaissance, vulnerability identification, exploitation, privilege escalation, lateral movement, persistence, clean up, and reporting
  • Document progression and findings of testing such as methodologies, vulnerabilities, misconfigurations, etc. to later be compiled into a report
  • When applicable, review vulnerability scans, and then provide feedback to client and/or internal team
  • Interact with client pre-/post-engagement as well as during the engagement if needed
  • Have the defensive knowledge to make recommendations that remediate the vulnerabilities and misconfigurations exploited during test. Understanding of a defense-in-depth strategy and best practices is a must
  • Continued tradecraft development
  • Work within timeframe for engagement

REQUIREMENTS

  • Phishing
  • Web App Testing
  • Reconnaissance, privilege escalation, persistence, lateral movement, payload development/generation
  • Tool and/or payload obfuscation for evasion
  • Cobalt Strike, Empire, Metasploit, Burp
  • 2+ years’ experience in information security and/or penetration testing
  • Hands-on experience with Powershell, Python, C# a plus
  • Strong time management
  • Ability to work independently
  • Strong technical knowledge with a comfort level working on a wide variety of technologies and implementations
  • Experience engaging clientele in consulting-related environments
  • Strong understanding of security principles, policies, and industry best practices
  • Familiarity with Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), and National Institute of Standards and Technology (NIST) Special Publications

Would be a plus:

  • Applicable certifications: OSCP/E, GWAPT, GPEN, GXPN, and eLearnSecurity

Your contact person: Katrin Kirn (HR Business Partner)

We are looking forward to receiving your full job application through our online application tool. You can find further interesting job opportunities from the Home Page or under our Jobs section.

Apply Online

A valid email address is required.
A valid phone number is required.