About the Client
Our client is a provider of top-of-the-line medical solutions with innovative strength in diagnostic and therapeutic technologies, including information technology and system integration. therapies, medical IT solutions complemented with advice and service support. They deliver a comprehensive range of solutions - from prevention and early detection to diagnosis, treatment and patient care.
About the Role
For our Client we are looking for a motivated and dedicated Penetration Tester / Ethical Hacker to join their team of cyber security experts in the Healthcare sector. This is a unique opportunity for a technical, hands-on person to grow with the business and play a pivotal role in the growth and leadership of the team.
Responsibilities
- Execute and lead penetration tests and security assessments on internal and external networks, Windows and Linux environments, cloud (AWS and Azure) architecture, IoT, healthcare devices, and more.
- Conduct scans, penetration tests and source code analysis of web applications
- Identify and exploit security vulnerabilities to demonstrate their impact on the environment and business.
- Perform systematic and rigorous authorized hacking activities using real-world attack techniques to obtain a foothold on the system, pivot to other systems and networks, and exfiltrate data.
- Explain identified vulnerabilities to technical and business audiences and advise on the best approach to eliminate the weaknesses
- Write comprehensive and accurate reports for both technical and executive audiences
Requirements
Professional skills:
- 5+ years of experience in an offensive security specialty.
- Ability to clearly communicate and present technical topics
- Good analytical and problem-solving skills
- Passion for learning new technologies
- Team player with ability to work independently
- Advanced interpersonal, verbal and written communication skills
- Ability to communicate and present technical and business topics
- Ability to multitask, manage time effectively and prioritize tasks
- Results-oriented
- Self-motivated and creative
An expert level of knowledge is required in the following areas:
- Port scanners, vulnerability scanners, exploitation frameworks.
- Networking and network protocols.
- Enumeration techniques.
- Web application manual and automatic testing (incl. OWASP, NIST).
- Active Directory.
- Windows and Linux access controls and administration.
- Authentication and Authorization models.
- Cloud (Azure and AWS).
A good understanding of the following concepts:
- Threat modeling and risk assessment.
- Web server administration.
- Penetration testing processes, procedures, legal agreements, and reporting requirements.
- Post exploitation techniques.
- Experience with databases (MS SQL, Oracle DB, PostgreSQL, MySQL).
Nice to Have Skills
- Certifications such as OSCP, OSCE, AWAE, CISCO CCNA, CISCO CCNP, CREST CRT, GIAC (GXPN, GWAPT, GPEN, GMOB).
- Bug hunting experience
- CVE
- Experience with SCRUM/KANBAN
- Experience with leading small teams
- LaTeX