Technical Auditor / Pentester – Barcelona

Currently seeking a professional to join our Information Security Office (OSI) team as a Technical Auditor or Pentester. This person will work closely with the Cyber-Threat Intelligence (CTI) and OSI colleagues, as well as other leaders throughout the organization to ensure that the information is properly protected through the development of appropriate protection and response programs.

You will

Work within the CTI team.
Conduct reconnaissance exercises to detect applications and systems that should be included in the scope of the audit program
Properly plan the audit program
Assess the security of computer software and hardware
Conduct penetration testing on computer systems and applications
Conduct security audits and cyberattack simulations by designing and utilizing hacking tools to access designated applications
Generate tools for breaking into security systems
Detect and correct system weaknesses
Provide recommendations based on an assessment of hardware and software systems
Implement solutions to enhance data security
Report identified vulnerabilities to problem solving teams and follow up until remediation. Provide support if necessary.
Manage the audits carried out by third parties, providing them with the necessary resources and validating the results
Generate security reports and KPIs.
Communicate and support users in a proactive and pragmatic manner after executing response actions that affect their activities.
Provide, as necessary, technical guidance and guidance to less experienced staff, taking a proactive approach to mentor other members of the OSI team.
Additionally, you may participate in certain incident response activities.
Be asked to take on additional duties as well, when needed.
Work up to 80% remotely.

Required Skills & Experience

Have a Bachelor’s Degree.
Have at least 3-5 years of professional experience working within Information Security and the responsibilities described above.
Detailed understanding of network protocols and services (TCP / IP, HTTP / HTTPS, REST / SOAP, FTPS / SFTP, DNS, SSL, firewalls, load balancers)
Robust creativity and problem-solving skills
Ability to think analytically
Strong knowledge of web applications, mobile APPs and infrastructure security
Proficiency in scripting languages such as: PowerShell, Python or bash
Ability to identify and exploit vulnerabilities
Strong background in all aspects of IT.
Fluent English proficiency (minimum B2, desirable C1).
Good interpersonal communications skills (verbal & written).
Good time management and related organizational skills.

Desirable but not required

Familiar with AWS services such as: EC2, S3, CloudFormation, RDS, CloudFront, VPC, Route53, IAM, CloudWatch,, Lambda, etc.
Familiar with Microsoft Cloud services such as: Azure AD, Cloud App Security, AIP, …
Advanced understanding of Information Security and Cybersecurity; certification (e.g. SANS (GPEN, GWAPT, GXPN), Offensive Security Certifications (OSCP, OSCE, OSWE), CEH, CISSP) is a plus.

Si estás interesado, envíanos tu candidatura