Employer: River Security AS
Job title: Senior Penetration Tester
Deadline: Apply! For the right person, there is always an opening.
Form of employment: 100%
Get to know River Security: https://riversecurity.eu
Cyber Security is an indispensable part of all services, especially on the Internet. River Security prides ourselves in tackling Cyber Security challenges head-on with ways we believe best disrupt cyber criminals and threat actors. We are currently one of Norway’s strongest cyber security innovation companies. We are therefore in the process of strengthening our investment with more cyber security experts for conducting penetration testing and further develop our services within Attack Surface Management (ASM). In this connection, we are now looking for a new Senior Penetration Tester. Do you have professional weight as a penetration tester and want to further develop yourself? Then we can help give you an exciting everyday life and a committed team to work with.
The successful candidate will possess a breadth and depth of knowledge within the Cyber Security field. This position requires continuous learning to keep up with the latest technologies and attack tactics as well as a tenacious attitude. Our employees are expected to continuously improve their tradecraft and add to the breadth and depth of their knowledge.
- You are a naturally curious self-starter
- You thrive in a team-oriented environment but can also develop and deliver independently with little to no supervision.
- Relentless learner – you actively seek to add to your skillset and knowledge base while challenging the status quo to drive efficiency in the team
- Strong interpersonal skills – you can communicate with a wide range of technical and non-technical teams
- Insist on high standards within the team and actively share your perspectives with the team
You are an expert penetration tester and the customer’s right hand when it comes to establishing goals, test plans and coordinating activities related to these subject areas. You should also be able to manage security incidents when needed.
If you are passionate about IT and information security and want to work in the field – yes, then you should apply. As a penetration tester, you will work on new projects almost every week, so you must be able to familiarize yourself with new solutions rapidly and like to pick them apart to find the security vulnerabilities.
The ability to perform context switching is highly beneficial when you will be working in parallel projects.
Being creative and thinking outside the box is essential, as parts of the work you will be conducting includes testing systems to make them run commands they are not designed for.
Just as important as the technical knowledge is the ability to convey the results to the customer for both technical and management levels.
Finally, feel free to recognize yourself in the following:
- 5+ years of professional experience in a penetration test role.
- Excellent communication skills, both written and oral
- Good knowledge of and experience with all aspects of penetration testing, with emphasis on infrastructure, web applications and networks.
- Knowledge of Cyber Kill Chain and the MITER ATT & CK framework.
- We appreciate extra certifications such as:
- GIAC certifications e.g. GIAC GPEN, GWAPT, GCIH, GCFA, GREM
- Offensive Security certifications e.g. OSCP, OSWE, OSEP, OSCE
- eLearnSecurity certifications e.g. eCIR, eCPPT, eCRE, eWPTXv2 etc.
- Penetration Testing tools and Scripting (Python, Powershell, etc.)
- Vulnerability Management / Assessment tools
About the position
As a significant part of River Security, you will lead the customer in understanding how secure they are, and how attractive their company and their systems are to a potential attacker. Ethical hackers use techniques and strategies commonly used by criminal and malicious hackers; performs intelligence operations against companies, tests applications and infrastructure for known and unknown vulnerabilities, analyzes code to detect security flaws, and simulates fraud attempts against the company’s employees. Ethical hackers help our largest and most important customers to secure their systems, and help to secure, among other things, national interests, critical infrastructure, and personal data for millions of people.
By becoming part of River Security’s skilled and committed security team, you can join and shape the future and carry out important work that creates value for our customers, and most importantly, puts a serious dent in what cyber criminals can do. Some other good reasons to work here are:
- You will work with leading professionals in this field and learning alongside them in a vibrant learning environment
- The chance to be exposed to and lead projects
- We motivate continual professional development, and encourage employees to develop their career through external course providers
- Flexible working hours with a good balance between work and leisure.
- We organize internal events like “Hacker House Get2Gether”, team buildings and other social gatherings
- Competitive salaries and employee benefits program (EMBA)
- Your ideas you will potentially influence the company direction. There is a short way from idea to implementation in young and agile companies.
- Develop and deliver test strategies for attacking and assessing complex and distributed systems
- Scope and execute penetration tests based on customer goals and objectives
- Provide representative tactics, techniques and procedures (TTPs) for opportunistic, advanced and sophisticated attackers according to customer goals and objectives
- Prepare clear and concise reports for handovers with customer
- Execute verification and validation testing for customer mitigations and fixes
- Develop and deliver walkthroughs, proof of concepts (PoCs), articles and formal presentation
Research and development (R&D)
- Contribute to the continuous development of our self-developed Attack Surface Management service, Active Focus.
The role reports to the leader of offensive security.
Reasons to choose us
The most important reason why you should consider applying is because you want to be part of a growing, fun and skilled professional environment within cyber security, at the same time you will have the opportunity to work with a wide range of projects of great significance.
Are you still triggered to become part of River Security? Then we look forward to getting to know you better!
This is an excellent opportunity to join a start-up who take pride in their supportive and collaborative culture.
About the employer
River Security was established and founded in 2020. We are all about upstream thinking, thinking ahead of the symptoms and fixing problems at their core. We aim to disrupt and challenge the given standards in the industry, when approaching the ever-changing environments on behalf of our clients. We take pride in finding the right solutions and giving the best advice to help solve the core of problems. We practice ethical and healthy business, working for mutual benefits and value for both provider and client. As a fairly new player in the industry, we challenge the norm on how consulting and it-security assessments should be conducted. Furthermore, we strive to raise the standards and change the perspective with our methodology. Both now and in the future, we will further differentiate by holding only senior level of expertise in our group of consultants. This is crucial when delivering these types of critical assessments. As an independent Provider, with no connections or contracts with technology providers, we differentiate even more from the competitor landscape, and this makes it even easier to act objectively and deliver advice with no influence. We consider this to be essential characteristics of River Security and we find this attribute to be a key performing factor that gives our Clients the best possible delivery.
In addition to deliver “traditional” penetration testing activities, we have our own self-developed technology, Active Focus. This is a pro-active consultancy service with the purpose of continuously observing the known tactics, techniques and procedures attackers and criminals are using online and against our organizations. Through observation and pro-active testing, we will increase security, reveal vulnerabilities, and prevent attacks by proactively identifying vulnerabilities. As the digital attack surface changes on a regular basis, new services are provisioned and existing services change. It is therefore important to be flexible and dynamic when monitoring systems.
River Security helps large private companies and public enterprises to take digital leadership and is concerned with creating value for customers and society. We want to contribute to a better and more sustainable future. We consist of 8 employees:
We are profitable and in growth.
We apply a fully remote workforce, our head-office is in Oslo.
We have by November 2021, 40+ customers spread across Europe.
Our vision is to make internet a safer place for our customers. We do this by providing proactive consulting services and by delivering our self-developed Attack Surface Management platform, Active Focus. We also do safety audits and give lectures on attitude-creating work. In River Security, we work agile and directly with our end customers.
Now we need more penetration testers! Are you the one we are looking for?