CAREERS
A Jr. Penetration Tester is responsible for conducting ethical hacking and penetration testing activities to identify and assess vulnerabilities in computer systems and networks. This role is an entry-level position that is designed to provide hands-on experience and training in the field of cybersecurity.
Some key responsibilities of a Jr. Penetration Tester include:
- Conducting vulnerability assessments and penetration tests on computer systems and networks
- Identifying and documenting vulnerabilities and potential security threats
- Collaborating with the cybersecurity team to develop and implement remediation plans
- Conducting research on new hacking techniques and tools
- Participating in training and professional development activities to expand knowledge and skills in the field of cybersecurity
- Maintaining current knowledge of industry trends and developments in cybersecurity
What It Is That You Will Be Doing
- Identify any security flaws in Pasta Mentor’s environments and software, as well as plan for and prepare for any potential dangers.
- Collaborate with Pasta Mentor Engineering to examine the source code and test for any vulnerabilities before presenting evidence that the code can be exploited. Document the findings in a way that allows the engineers and senior leadership to comprehend the potential risks and the procedures to mitigate them.
- Determine which environments and software Pasta Mentor uses and then run controlled security vulnerability exploits and penetration tests on those environments and applications.
- Maintain a working knowledge of sophisticated cyber threat actor tactics, techniques, and procedures (TTPs), and imitate these TTPs in order to assess the susceptibility and risk of your system.
- Maintain oversight of the bug bounty program and communicate any valid discoveries to the engineering staff so they can be fixed.
- Maintain an up-to-date knowledge of the most recent trends in regulatory compliance and cybersecurity. How does this affect Pasta Mentor right now, and what consequences might it have on Pasta Mentor in the future?
- Construct and recommend security initiatives ranging from proofs of concept to operational levels, as required.
- Record all security protocols, guidelines, and recommendations in a document.
- Develop reports and presentations that are exhaustive and accurate for both technical and executive audiences (these audiences may be internal to Pasta Mentor or external, such as prospects/clients or the media).
- Developing a security-conscious organizational culture and organizing ongoing training for staff members are two of the most effective ways to guarantee that security protocols are followed at all times.
About You
- A degree in Information Technology, Computer Science, or a related field is highly desirable but not required.
- PNPT certification is very sought after.
- General security certification (Security+) is also highly sought after.
- At least one year of hands-on experience as a team member that does penetration testing.
- 2 or more years of experience in a field related to information technology is highly desirable but not required.
- Security protocols, cryptography, authentication, authorization, and security should all be well understood.
- Good working knowledge of the current cybersecurity risk frameworks (OWASP/NIST/BSIMM), threat modeling (STRIDE/DREAD), and best practices for hardening systems (CIS/CSA).
- Knowledge of at least one of these languages: Java, C++, Python, Ruby, or GoLang
- Knowledge of how modern software is built: containers, IaC, CI/CD, Docker/K8s
- An understanding of Linux and Windows operating systems, how they work in the enterprise, and how to secure them
- Strong knowledge of the TCP/IP and UDP protocols and the design and architecture of networks
- Knowledge of penetration testing tools such as Burp Suite, Pacu, and others that come with the Kali Linux distribution.
- Problem-solving skills that include critical thinking, analysis, and logic.
- Ability to talk to and work with a wide range of people to explain and enforce security measures. Excellent written and verbal communication skills, as well as business sense and a commercial outlook.
- Some experience with cloud services like AWS, Azure, and GCP and knowing how to build secure cloud-native solutions is a plus.
- Information security and/or IT risk management experience with a focus on security, performance, and dependability is a plus.
To succeed in this role, a Jr. Penetration Tester should have a strong understanding of computer systems and networks and a passion for learning about new technologies and cybersecurity best practices. They should also be detail-oriented and have excellent problem-solving skills.
As a Penetration Tester for Pasta Mentor, you will be responsible for conducting ethical hacking and penetration testing activities to identify and assess vulnerabilities in the company’s computer systems and networks. You will be actively involved in helping to secure Pasta Mentor’s network and technologies at all of its worldwide locations, which currently number 1337 and counting.
In this role, you will work closely with the cybersecurity team to identify and document vulnerabilities and potential security threats. You will also collaborate with the team to develop and implement remediation plans to address any identified vulnerabilities. You will be responsible for researching new hacking techniques and tools, and participating in training and professional development activities to expand your knowledge and skills in the field of cybersecurity.
Some key responsibilities of a Penetration Tester include:
- Carrying out tests of computer systems and networks to determine their levels of vulnerability and to probe their security
- Investigating and documenting potential security risks and weaknesses
- Working in concert with the cybersecurity team to devise and carry out remediation programs
- Investigating emerging hacking methods and software tools
- Taking part in training and other forms of professional development in order to increase one’s knowledge and capabilities in the subject of cybersecurity
- Keeping abreast of the latest advancements and trends in cybersecurity
What It Is That You Will Be Doing
- Locate and report any vulnerabilities in the software and settings used by Pasta Mentor, as well as build a game plan and get yourself ready for any prospective threats.
- Work with Pasta Mentor Engineering to investigate the source code and search for any vulnerabilities before presenting evidence that the code can be abused. Document the findings in a way that enables the engineers and senior leadership to understand the potential hazards as well as the procedures that can be used to manage those risks.
- Find out which environments and software Pasta Mentor utilizes, and then carry out controlled security vulnerability exploitation and penetration tests on the apps and environments you’ve identified.
- Maintain a working knowledge of advanced cyber threat actor tactics, techniques, and procedures (TTPs), and emulate these TTPs in order to evaluate the vulnerability and risk posed by your system.
- Maintain oversight of the bug bounty program and make sure any legitimate discoveries are communicated to the engineering staff so that they can be resolved.
- Ensure that your knowledge of the most recent developments in regulatory compliance and cybersecurity is up to date at all times. What kind of an impact does this have on Pasta Mentor right now, and what kind of repercussions could it have on the company in the future?
- Construct various degrees of security efforts, from proofs of concept all the way up to operational levels, and make recommendations regarding them.
- Record all of the security protocols, rules, and suggestions in a document.
- Construct reports and presentations that are extensive and accurate for both the technical and executive audiences (these audiences may be internal to Pasta Mentor or external, such as prospects/clients or the media).
- Two of the most successful strategies to ensure that security procedures are adhered to at all times are to first establish an organizational culture that prioritizes security, and then to organize continuing training for staff employees.
About You
- A bachelor’s degree in computer science, information technology, or a field closely connected to any of those is recommended but not essential.
- A PNPT certification is highly sought after.
- A general security certification (Security+) is also highly sought after.
- At least a year’s worth of practical experience working as a member of a team that does penetration testing.
- Two years’ worth of experience or more in a field closely linked to cybersecurity.
- It is important to have a solid understanding of security protocols, cryptography, authentication, authorization, and security in general.
- Excellent working understanding of the most up-to-date cybersecurity risk frameworks (OWASP/NIST/BSIMM), threat modeling (STRIDE/DREAD), and best practices for hardening systems (CIS/CSA).
- A working familiarity with at least one of the following languages: Java, C++, Python, Ruby, or GoLang
- A familiarity with how contemporary software is built: Docker/K8s, containers, IaC, CI/CD, and more
- A familiarity with the Linux and Windows operating systems, as well as an awareness of how these systems function in business settings and how to protect them
- A solid understanding of the TCP/IP and UDP protocols, in addition to the design and architecture of network systems
- Familiarity with penetration testing tools such as Burp Suite and Pacu, as well as others included with the Kali Linux distribution.
- Problem-solving skills, including critical thinking, analytical reasoning, and logical reasoning.
- The ability to communicate and collaborate with a diverse group of individuals in order to explain and implement security measures. Exceptional writing and verbal communication abilities in addition to strong business sense and a market-oriented perspective.
- It would be beneficial to have some experience working with cloud services such as AWS, Azure, and GCP, as well as knowledge of how to construct secure cloud-native applications.
- Experience in information security and/or IT risk management, preferably with a concentration on security, performance, and dependability, is desirable for this position.
In order to be successful in this position, a Junior Penetration Tester needs to have a solid understanding of computer systems and networks, as well as an enthusiasm for learning about new technologies and the most effective methods related to cybersecurity. They should also pay close attention to detail and be adept at finding solutions to difficult problems.
To move on to the next step in the process, please submit your resume.