Junior Penetration Tester

Job Description

About Asite Asite’s vision is to connect people and help the world build better. Asite’s platform enables organizations working on large capital projects to come together, plan, design, and build with seamless information sharing across the entire supply chain. Asite SCM is our supply chain management solution, which helps owners and Tier-1 contractors to integrate and manage their extended supply chain for delivering on capital projects. Asite PPM is our project portfolio management solution, which gives you and your extended supply chain shared visibility of your capital projects through one common data environment. Together they enable organizations to build digital engineering teams that can deliver digital twins and just plain build better. The company is headquartered in UK (London) and has regional offices in US (New York and Houston), UAE (Dubai), Australia (Sydney), China (Hong Kong) and India (Ahmedabad). Job Summary: We are seeking a Junior Penetration Tester to join our team of security professionals. As a junior penetration tester, you will be responsible for conducting comprehensive vulnerability scans – infrastructure and code – basic penetration testing on web applications, mobile and desktop apps, APIs, infrastructure, and other systems. You’ll also be learning on the job from the rest of the security team and support not only the Senior/Lead Penetration Tester but also the Information Security Officers of the regions and the CISO. You will learn about threat modeling, automation of the testing, and advanced techniques to identify vulnerabilities and learn how provide actionable recommendations to improve the overall security posture of Asite SDLC, systems, Partners nad Clients. You will manage a small number of Applications and processes that you also must mentor and guide in the best practices and help grow the Trainees of the Team. You must have a passion for knowledge sharing and continuous learning. You are willing to undergo background checks and Security Clearance. Key Responsibilities: Conduct risk assessments and vulnerability scanning of web applications, mobile and desktop apps, APIs, infrastructure, and other systems Identify and exploit vulnerabilities using various penetration testing tools, techniques, and methodologies – PTES, NIST 800-115, OWASP Develop and maintain comprehensive documentation and understanding of systems, including architecture, design patterns, and application logic Learn to design and implement effective threat models to identify potential entry points for attackers using STRIDE and OWASP ASVS Automate testing using tools and integrating them such as vulnerability scanners, SAST, DAST, SCA and other relevant technologies. Collaborate with external penetration testing companies and clients to digest and review the risk of reports back to clients within their security requirements, provide recommendations to implement fixes to address identified vulnerabilities to internal stakeholders Stay up to date with the latest threats, vulnerabilities, red teaming, and penetration testing techniques through ongoing training and professional development Support the mentoring of a team of interns. Requirements: Up to 2 years of experience in penetration testing, with a strong focus on web applications, mobile and desktop apps, APIs, and infrastructure testing. Willing to undergo background checks and security clearance. Good level of Indi and English both spoken or written to a bilingual or at least Professional level, other languages at a bilingual/Professional level such as Arabic, Mandarin, French or German highly preferred. Experience with cloud-based infrastructure and services - AWS, Azure, Google Cloud – containers, k8s and virtual machines or willingness to learn Gain expertise in threat modeling, automation of testing, and advanced techniques (e.g., exploit development, reverse engineering) Knowledge of web application security frameworks, such as OWASP a big plus. Familiarity with mobile app security testing tools and techniques Experience with desktop application security testing. Basic level of understanding of API security testing, including protocol analysis and exploitation Good networking fundamentals, including TCP/IP, DNS, DHCP, etc. Proficiency in scripting languages, such as Python, Ruby, PowerShell a big plus. Experience with agile development methodologies and collaboration tools like JIRA and their integrations is a great to have Excellent communication, problem-solving, and analytical skills Nice to Have: Familiarity with DevOps practices and security orchestration, automation, and monitoring (SOAM) tools Knowledge of containerization technologies (e.g., Docker) and container-based vulnerability testing Knowledge of machine learning models and associated security issues at the implementation and bypassing security restrictions. Show more Show less