Jump to content
Zatarra

Senior Application Security Tester (Pentest)

Recommended Posts

 

Care vrea, let me know:

 

 

Atos SE (Societas Europaea) is a leader in digital services with pro forma annual revenue of circa € 12 billion and circa 100,000 employees in 72 countries. Serving a global client base, the Group provides Consulting & Systems Integration services, Managed Services & BPO, Cloud operations, Big Data & Cyber-security solutions, as well as transactional services through Worldline, the European leader in the payments and transactional services industry. With its deep technology expertise and industry knowledge, the Group works with clients across different business sectors: Defense, Financial Services, Health, Manufacturing, Media, Utilities, Public sector, Retail, Telecommunications, and Transportation.

Atos is focused on business technology that powers progress and helps organizations to create their firm of the future. The Group is the Worldwide Information Technology Partner for the Olympic & Paralympic Games and is listed on the Euronext Paris market. Atos operates under the brands Atos, Atos Consulting, Atos Worldgrid, Bull, Canopy, Unify and Worldline.

Requirements (skills) :

  • A minimum of 3 years of professional experience in the field of Information Security
  • Solid experience in the operation and safety assessment of Web applications (OWASP Testing Guide, Burp, IBM AppScan)
  • Several years of experience in dealing with relevant tools for security verification and penetration testing (Kali, Metasploit, Nessus, Wireshark ...)
  • Several years of experience with programming and scripting languages (JavaScript, PHP, Java) and very good knowledge of Linux and Windows systems
  • Nice to have - one or more relevant certifications (CEH, CISSP, ...)

     

     

Responsibilities :

  • Performing application and infrastructure penetration tests, as well as physical security review and social engineering tests for our global clients
  • Review and define requirements for information security solutions
  • Perform security reviews of application designs, source code and deployments as required, covering all types of applications (web application, web services, mobile applications)
  • Participate in Security Assessments of networks, systems and applications
  • Work on improvements for provided security services, including the continuous enhancement of existing methodology material and supporting assets

 

Compensation and Benefits
A great incentive to join the Atos team is the market competitive range of benefits that the Company provides. In addition to this Atos operates a flexible benefits scheme that allows you to purchase discounted products and services. Additionally, comprehensive training and development is delivered in a variety of ways, leading to accreditation if required.


Your Application
Atos does not discriminate on the basis of race, religion, colour, sex, age, disability or sexual orientation. All recruitment decisions are based solely on qualifications, skills, knowledge and experience and relevant business requirements.
We are committed to making reasonable adjustments to the applications process for people with disabilities.

 

O sa scriu tot aici:

 

Mai sunt joburi pentru:

CYS - Front-End Developer (Evidian IDaaS) - Nivel mediu/avansat
CYS - Java Developer (Evidian IDaaS) - Nivel mediu/avansat
CYS - C/C++ Developer (Evidian IDaaS) - Nivel mediu/avansat
CYS - Tester (Evidian IDaaS) - Nivel incepator

 

Daca aveti nevoie de descriere pentru celelalte joburi trimiteti un mesaj privat.

  • Upvote 3
Link to comment
Share on other sites

55 minutes ago, Zatarra said:

Care ii problema cu CISSP? Ca nu m-am prins :)

Ceh e mai pentru entry level, parca e facut de niste indieni. Cissp e mai pentru experimentati.

Din ce stiu la cissp sunt intrebari practice, situatii din care sa reiasa nivelul de experienta. La ceh e intrebarea si raspunsul.

Sa ma contraziceti daca nu e asa.

http://www.techexams.net/forums/isc-sscp-cissp/127772-multiple-certification-difficulty-ranking.html

Link to comment
Share on other sites

CISSP, dupa cum e si descris, incearca sa "acopere o arie larga, dar o adancime mica". Adica acopera foarte multe lucruri din domeniu IT/Information Security, insa nu intra in detalii.

Am inteles ca incearca sa imbunatateasca CEH, si ca vor sa adauge lucruri practice, dar nu stiu daca au evoluat prea mult cu ultima versiune.

 

Mai relevante pentru un penetration tester ar fi GXPN de la SANS - la care au si teste practice, si desigur, OSCP, unde ai un examen de 24 de ore (ca sa nu mai zic ca recent au introdus verificare si pentru a da examenul trebuie sa stai cu camera pornita, sa se asigure ca il dai tu si nu altcineva in locul tau).

  • Thanks 1
Link to comment
Share on other sites

Cam asa ceva. Dar da bine la HR. :D

Bine, serios vorbind, are valoarea ei. De fapt, ea nu e o certificare pentru "pentest" si una care ofera celui care o are cunostiinte generale de "security" din foarte multe arii. E utila pentru pozitii de management, deoarece "pentest" e doar o mica parte din ceea ce inseamna "security".

  • Upvote 1
Link to comment
Share on other sites

13 hours ago, Nytro said:

Cam asa ceva. Dar da bine la HR. :D

Bine, serios vorbind, are valoarea ei. De fapt, ea nu e o certificare pentru "pentest" si una care ofera celui care o are cunostiinte generale de "security" din foarte multe arii. E utila pentru pozitii de management, deoarece "pentest" e doar o mica parte din ceea ce inseamna "security".

Deci pana la urma ai inteles la ce ii necesara aia. CISSP nu se cere oamenilor tehnici, de obicei, iar daca se cere, se cere cu alte scopuri :).

Link to comment
Share on other sites

Am luat CEH acum un an, saptamana trecuta am luat si OSCP-ul, nu mi s-a parut deloc complicat, chiar am terminat cu mult inainte de cele 24 ore. Acum la munca i-am zis la sefu sa imi plateasca sa dau OSCE, si a zis ca ar prinde mai bine sa dau CISSP. Inafara de certificarile de la Offensive Security, mai sunt altele care sa fie asa "practice" si relevante pe "pentest" ?

 

2 hours ago, Zatarra said:

Deci pana la urma ai inteles la ce ii necesara aia. CISSP nu se cere oamenilor tehnici, de obicei, iar daca se cere, se cere cu alte scopuri :).

Ce scopuri? 

 

P.S: O mica parodie pentru CISSP din sala :) 

 

 

 

  • Like 1
Link to comment
Share on other sites

12 hours ago, DuTy^ said:

Ce scopuri?

 

 

Cand ai zeci de mii de endpoint-uri (interne sau externe), CEH nu prea mai are relevanta. Se merge mai mult pe strategii, chestii generale si un view mai de ansamblu, cam ceea ce se face in CISSP. Cu alte cuvinte lasi tehnicul in spate pentru baietii mai pasionati si o dai in (Security as a Service)/Management.

  • Like 1
  • Upvote 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...