Security/Penetration Test Engineer
Sword Group
About the role
Sword Services Greece is an IT Services and Software Solutions provider company, driving EU Institutions and Global Leaders in their Digital & IT transformation. As part of the Sword Services Greece team, you'll leverage your expert IT competency to drive critical projects, ensuring rapid, precise delivery that consistently meets, and often exceeds, the expectations of our global clients.
We are currently seeking an experienced Security/Penetration Test Engineer to join our team in Strasbourg, France. The successful candidate will work in a multinational environment on a multitude of tasks supporting our business in implementing and developing solutions for large EU and international institutions and private sector companies in Greece and abroad.
What you will do
- Identify, analyse and assess technical and organisational cybersecurity vulnerabilities
- Identify attack vectors, uncover and demonstrate exploitation of technical cybersecurity vulnerabilities
- Test systems and operations compliance with regulatory standards
- Select and develop appropriate penetration testing techniques
- Organise test plans and procedures for penetration testing
- Establish procedures for penetration testing result analysis and reporting
- Document and report penetration testing results to stakeholders
- Deploy penetration testing tools and test programs
- Provide the following automated, manual or hybrid security testing services following appropriate industry-wide, highly recognized methodologies and standards:
  - Penetration testing including application pen testing, infrastructure pen testing, cloud application & environment pen testing, social engineering testing, web application testing, device pen testing (including workstations, servers, laptops and mobile devices - tablets and smartphones), wireless pen testing;
  - Vulnerability Assessment services for external and internal systems;
  - Security source code review or development experience at least in C/C++, C#, VB.NET, ASP, or Java;
- Identify information to be provided by Client based on the nature of test being performed (e.g., White Box, Black Box, Grey Box);
- Use tools and manual testing to perform code security analysis to identify vulnerabilities and attack vectors in applications and infrastructure;
- Execute SAST, DAST, vulnerability scans and penetration tests;
- Identify targets and map attack vectors;
- Identify the exploitable vulnerabilities;
- Identify the security risk level, business impact and provide the remediation plan
- Draft security test cases based on the requirements;
- Provide the Contracting Authority with a report for each service completed, provide the risk and the business impact of each finding and provide recommendations to mitigate deficiencies and risks.
Technical Skills required
- Experience providing consulting services in a highly confidential environment;
- Minimum of 7 years of experience in providing IT and Information security services;
- Understanding of, and demonstrable willingness to learn, offensive and defensive security, including offensive evasion and defensive prevention techniques;
- Experience with penetration testing against a wide variety of applications including web, mobile, and thick client, above and beyond running automated tools, is required;
- Ability to present findings and recommendations to peers, co-workers, and customers;
- Capacity in writing documents;
- Ability to communicate effectively with development team;
- Perform social engineering
- Identify and exploit vulnerabilities
- Conduct ethical hacking
- Use penetration testing tools effectively
- Conduct technical analysis and reporting
- Decompose and analyse systems to identify weaknesses and ineffective controls
- Review code and assess its security
Experience in the following will be considered as an asset:
Industry certifications or similar qualifications appropriate to the services provided, such as those listed below, will be a plus:
- GIAC Certified Penetration Tester (GPEN)
- GIAC Web Application Penetration Tester (GWAPT)
- Certified Ethical Hacker (CEH)
- GIAC Systems and Network Auditor (GSNA)
- Certified Penetration Tester (CPT)
- Certified Expert Penetration Tester (CEPT)
- GIAC Certified Web Application Defender (GWEB)
- ISC2 Certified Secure Software Lifecycle Professional (CSSLP)
- Offensive Security Certified Professional (OSCP)
- CREST Penetration Testing Certifications
Behavioral Attributes
- Self Development: Shows eagerness to grow and achieve more in respective area of expertise;
- Adaptability / Flexibility: Shows ability to cope with fast changing technologies and requirements;
- Solution focused mindset: Focus on work quality results with attention to detail and delivery of tasks within agreed deadlines;
- Focus on Customer either internal or external;
- Creativity & Initiative: Proposes ideas and solutions to existing ways of working, takes initiatives, identifies risks and works proactively;
- Teamwork: Collaborates effectively & efficiently with various diverse and geographically distributed work teams;
- Accountability: Shows strong sense of responsibility and ownership of the activities assigned.
Our Culture
At Sword, our values define how we behave towards our colleagues and clients, and those values are Respect and Collaboration. We believe that together we achieve more! Get a taste of our daily life at our Sword Services Greece Experience page on LinkedIn.
Please submit your CV in English. All applications will be treated as strictly confidential.
At Sword we are dedicated to fostering a diverse and inclusive workplace and we ensure that all applicants receive fair and equal consideration for employment, regardless of whether they meet every requirement. Discrimination based on sex, racial or ethnic origin, religion or belief, disability, age, sexual orientation or marital status, physical or mental disability, or any other factor protected by applicable laws and regulations is prohibited. As part of our culture, we respect human rights and focus on creating a positive workplace, where all employees are valued, and where diversity and inclusion are a vital part of our everyday working experience. If you don't tick all the boxes but feel you have some of the relevant skills and experience we're looking for, please do consider applying and highlight your transferable skills and experience. If we can do anything to help make the hiring process more accessible, please let our talent acquisition team know when you apply so we can support any adjustments.