Penetration Tester

The Penetration Tester role is part of the Penetration Testing Practice within Nexon, which provides high-quality security services such as Penetration Testing, Security Consulting, Training, security assessments and audits for Nexon’s new and existing client base. The role will require a broad range of security and technical skills and the ability to exercise excellent judgement, act on priorities, and communicate and liaise effectively with clients and co-workers while demonstrating exceptional time and task management.

As a Web Application Penetration Tester, you will work predominantly on web application assessments, API assessments and mobile application assessments. Additionally, you will have the ability to work in all other areas of penetration testing, such as social engineering, network and wireless assessments, reverse engineering, red/blue teaming and so on, to have a positive impact on our clients and the company.

What attracts testers to our team day to day is the team itself, our flexible working and the ability to work in all areas of Penetration Testing. Testers are not locked into one realm as at other testing firms (though testers usually specialize in one or two areas).

Key Responsibilities
  • Conducting penetration tests on Web Applications, APIs and Mobile Application environments (primary focus).
  • Conducting penetration tests on Wired and Wireless networks, AD, ADCS, Cloud and on-premise environments.
  • Conducting Social Engineering exercises for our clients, such as Phishing, Vishing, Smishing and physical access testing.
  • Provide security guidance and consulting as well as a range of security assessments and awareness training to our clients.
  • Completing high-quality and tailored reports for all security services provided.
  • Delivering findings presentations to clients.
  • Providing mentoring to other team members and greater Nexon staff on Penetration Testing, security services and security expertise.
  • Ensuring smooth and structured project management and execution of Penetration Tests for our clients.
  • Obtaining certifications such as CREST as required.
Experience & Knowledge
  • Proven 2+ years of security assessment and penetration testing services experience, with a focus on web applications, APIs and mobile apps. This does not necessarily require commercial experience if you are involved with bug bounty, Hack The Box, TryHackMe or have other suitable experience.
  • Experience with other areas of Penetration Testing such as Wireless, Network, AD, AAD & ADCS, Social Engineering, and Cloud is also advantageous.
  • You will be a person that loves continuously learning, and utilises platforms such as HTB, TryHackMe, CTFs and Bug Bounty.
  • Hold certifications such as Burp Suite Certified Practitioner (highly desirable), OSCP, CREST (highly desirable), PNPT and/or CRTP.
  • Able to obtain and hold relevant police security clearance.
  • Experience in presenting to stakeholders of all levels and tying findings back to business risk.
  • Ability to conduct awareness training for stakeholders.

Penetration Tester – Webapps Focus

Responsibilities

  • Conducting penetration tests on Web Applications, APIs and Mobile Application environments.
  • Conducting penetration testing on wired and wireless networks, Cloud and on-prem environments, and Social Engineering exercises such as Phishing, Vishing, Smishing and physical access testing for our clients.
  • Providing security guidance and consulting as well as a range of security assessments and awareness training to our clients.
  • Completing high-quality and tailored reports for all security services provided.
  • Providing security testing, research and development to continually grow the Security team and our security offerings
  • Providing mentoring to staff on security services and expertise.

Requirements

  • Proven 1-2+ years of security assessment and penetration testing services experience, with a focus on web applications and APIs. This does not necessarily require commercial experience if you are involved with bug bounty, Hack The Box, TryHackMe or have other suitable experience.
  • Experience with other areas of Penetration Testing such as Wireless, Network, Social Engineering, and Cloud is also advantageous.
  • Have a passion for continual learning and a willingness to obtain certifications.
  • Broad range of fundamental IT/Networking skills.
  • Able to obtain and hold relevant police security clearance.
  • Confidence in presenting to stakeholders of all levels and tying findings back to business risk.
  • Industry certifications such as CREST (highly desirable), Burp Suite Certified Practitioner (highly desirable), CISSP, GPEN, TCM certifications such as PNPT, CPENT, EC-Council, OSCP (highly desirable), etc.