Plan and conduct black-box, white-box, and gray-box penetration testing engagements on our systems, networks, and applications, identifying vulnerabilities using tools like Burp Suite and Metasploit.
Exploit identified vulnerabilities to assess potential impact, including privilege escalation, lateral movement simulations, and proof-of-concept development.
Collaborate with developers to remediate vulnerabilities through clear reporting, code reviews, secure coding practices, and retesting.
Document findings, develop security reports, and present them to relevant stakeholders.
Stay updated on the latest hacking techniques, threats, vulnerabilities, and remediation strategies.
Provide recommendations and knowledge transfer to internal staff to boost our overall security competence.
Continuously improve the organization's security posture by creating, developing, maintaining, and automating new attack tactics and tools.
Monitor and research emerging threats to integrate them into the testing methodology.
Promote security awareness and best practices throughout the organization.
Design and execute penetration testing engagements aligned with SOC 2 compliance requirements.
Gather and document evidence to support the effectiveness of security controls for our annual SOC 2 audit.
Collaborate with third-party auditors during the SOC 2 audit process to address findings and demonstrate security posture.