Security Evaluator - Penetration Tester

SGS Brightsight is part of SGS – the world's leading testing, inspection and certification company. At SGS Brightsight, we support companies in getting their products ready and in compliance with the latest security regulations and requirements. With over 35 years of experience in evaluating IT products in different industries, we evaluate these products against requirements set by governmental and private schemes. SGS Brightsight has been a Common Criteria and EMVCo hardware lab since 2002.

SGS Brightsight in Barcelona is looking for a Senior/Junior Software Penetration Tester. We are seeking a skilled and motivated professional to join our team as a Software Penetration Tester. As a Software Penetration Tester, you will be responsible for assessing the security posture of software applications, systems and networks by identifying vulnerabilities and conducting ethical hacking activities. Your role will involve performing penetration tests, vulnerability assessments and security audits to ensure the robustness and resilience of our software solutions. You will collaborate closely with development teams, provide actionable recommendations and contribute to the enhancement of our overall security posture. The Software Penetration Tester will lead security assessment and evaluation projects, conduct tests and/or advise others how to conduct tests to evaluate security vulnerabilities in software applications, IoT and network devices. Depending on the candidate, the role may include responsibility for the test environment and test procedures. We are looking for a person with a fascination for IT security. You will join a multidisciplinary team to execute security evaluations on state-of-the-art products such as, trusted execution environment, hypervisor, real time operating systems, artificial intelligence, secure elements, network devices, key managers, hardware security modules etc. Responsibilities Conduct comprehensive penetration tests on software applications, systems and networks to identify security vulnerabilities and weaknesses Perform vulnerability assessments and security audits to evaluate the effectiveness of existing security controls Utilize a variety of penetration testing techniques, tools and frameworks to identify, exploit and mitigate vulnerabilities Collaborate with development teams to understand software architecture, design and implementation details Conduct manual and automated testing of software applications to identify security flaws in any kind of software systems and platforms Analyze and interpret the results of penetration tests, providing detailed reports and actionable recommendations to stakeholders Collaborate with developers to remediate identified vulnerabilities and implement appropriate security measures Stay updated on the latest security threats, vulnerabilities and countermeasures, and continuously enhance knowledge and skills in the field of penetration testing Participate in the development and improvement of secure coding practices, guidelines and security testing methodologies

Must: You have a Bachelor's or Master's degree in a technical field of study (computer science, telecommunications, electronics, physics, mathematics) You have strong analytical and problem solving skills with attention to detail You can work effectively both independently and collaboratively in a team environment You have strong organizational skills with the ability to prioritize tasks and meet deadlines You have English language skills Desirable: Solid understanding of security principles, cryptographic algorithms and security protocols Knowledge/experience in ISO27001, Common Criteria, SESIP, PSA, CSA, LINCE, NESAS, PCI Knowledge/experience in Smartcards, HSM, ARM, cryptography, web, networking technologies Experience in conducting security evaluations, vulnerability assessments or penetration testing

SGS Brightsight provides a very good training program, from the basics to expert level We offer a supportive work environment that fosters professional growth and development We offer a competitive salary package based on the candidate. At SGS Brightsight you will: Be part of a multicultural team with highly motivated colleagues from all over the world Work for the recognized global leader in security evaluations Work with all major developers on their latest innovations Enjoy an informal and intellectually challenging work environment