Penetration Tester

Company Description

SmartDev is a leading provider of global software solution. SmartDev was established in 2014 and is a wholly owned subsidiary of Verysell Technologies Group (Switzerland).

SmartDev combines renowned Swiss quality with the Vietnamese passion to provide excellence and value. SmartDev brings together smart people both internally and externally to create partnerships that push boundaries and challenge the status quo.

**Job Description**:

- A self-starter, independent with mínimal supervision and strong hand-on experiences in penetration testing for various tech stacks including cloud environment.
- Delivering targeted and intelligence led security penetration testing and certifying SC platform builds through a robust testing methodology and process.
- Design and develop scripts, frameworks, tools, and the methods required for facilitating and executing complex attacks, emulating malicious actor behaviour aimed at avoiding detection.
- Responsible for operation of security penetration testing and internal tools, researching and analyzing vulnerabilities, identifying relevant threats, corrective action recommendations, summarizing and reporting results.
- Deliver continuous improvement through process re-engineering, technology transformation, integration and exploitation to deliver optimised yet robust services to mitigate threats to the Bank.
- Manage and influence stakeholders in understanding risk exposure and containment measures from vulnerabilities the Bank could be exposed to.

**Qualifications**:

- Between 5 - 10 years of in-depth, hands-on working knowledge in penetration testing and vulnerability management in a global environment. Out of this a minimum of 3 years’ of professional experience as a lead penetration tester, reverse engineer, researcher or threat analyst.
- The threat and vulnerability landscape including malware, emerging threats, attacks and vulnerability management.
- Knowledge of tactics, techniques, and procedures that could be used for recon, persistence, lateral movement, and ex-filtration.
- Web, Mobile Applications and Operating Systems exploitation or enumeration techniques utilized today ranging from injection, privilege escalation, buffer overflows, fuzzing, scanning.
- Programming languages such as Objective-C, Java, SWIFT and Assembly, one/or more of the scripting languages, e.g. Perl, Python, PowerShell or shell scripting.
- IOS and Android reverse engineering, disassembling, decompiling and root/jailbreak detection evasion.
- Writing and demonstrating proof of concept work from an exploitation or attack perspective.
- Building and employing modules and tailored payloads for common testing frameworks or tools.
- Networking topologies, protocol usage, and enterprise hardware including switches, routers, firewalls and their roles in security.
- Access control methodologies, network / host intrusion detection, vulnerability management tools, patch management tools, penetration testing tools, and AV solutions.
- Hardware hacking or building custom hardware for the purpose of exploitation.
- Experience in cloud security, especially AWS and a good understanding of DevSecOps principles including Continuous Integration/Continuous Deployment practices (CI/CD).
- Experience in container and Kubernetes testing and working knowledge of security best practices.
- Strong communication skills -oral and written.
- Ability to work in a fast-paced team environment.
- Detailed oriented, Strong deductive reasoning, critical thinking and problem solving skills.

We are also looking for:

- A hustler who is highly adaptable and able to perform in a fast-paced dynamic environment.
- A team player who champions ownership and upholds a collaborative work environment.
- An inquisitive learner who has the appetite for continuously improving and streamlining processes and the way we work.

Additional Information

BENEFITS:

- Good work environment and good colleague (parties, holidays, team building activities)

+ Competitive Salary

+ Commission

+ Other benefits to be discussed
- 20 annual leave days alongside Vietnamese public holidays
- Self-organize project team
- Work with high profile multinational companies
- PVI Premium Healthcare System