Vulnerability Assessment and Penetration Testing Engineer

Vulnerability Assessment and Penetration Testing Engineer

As part of our continued Secure Solution team expansion, we are on the lookout for a Vulnerability Assessment and Penetration Testing Engineer to join our team located in Manila, Philippines. 

The VAPT Engineer is a vital member of Continent 8’s Managed Security Services team. They are responsible for leading and coordinating vulnerability assessment and penetration testing efforts for our customers. Furthermore, they are responsible for identifying security weaknesses, assessing risks, providing support remediation initiatives and ultimately ensuring a customer’s systems, applications, and networks are well-protected against potential threats.

This role directly contributes to Continent 8’s Managed Security Services Provider offerings.

The Role 

 As a Vulnerability Assessment and Penetration Testing Engineer, you will be responsible for:

VAPT Oversight: Oversee the planning, execution, and reporting of VAPT tests, ensuring that testing activities align with best practices and meet the organization's goals.

Collaborating with stakeholders to define project scopes, objectives, and timelines for vulnerability assessments and penetration tests.

Conducting vulnerability assessments, code reviews and penetration tests against web technologies, services, platforms and languages to find flaws and exploits (e.g., SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, Clickjacking, Authentication/Authorization, Privilege Escalation, Business Logic Bypass, OWASP Top 10, SANS Top 25 etc.).

Implementation and utilisation of web application vulnerability scanning tools (e.g. Invicti DAST Scanner, SoapUI, Burp Suite Pro, Checkmarx etc.) to automate the process of VAPT testing.

Act as a domain expert around vulnerability and penetration testing.

Create risk assessments to evaluate the severity and potential impact of identified vulnerabilities, considering factors such as exploitability and potential business impact.

Provide remediation guidance to technical teams and customer stakeholders on the appropriate steps to remediate identified vulnerabilities effectively.

Reporting and Communication: Generate comprehensive and actionable reports from penetration tests and vulnerability assessments, communicating findings to relevant stakeholders.

Continuously assess and enhance the VA/PT processes, methodologies, and tools to adapt to emerging threats and improve efficiency.

Collaborate with the customer’s IT teams, development teams, and other stakeholders to ensure security considerations are integrated throughout the software development lifecycle.

Threat Intelligence Integration: Stay informed about the latest threat intelligence and attack trends to guide testing efforts and prioritize critical vulnerabilities.

Compliance and Standards: Ensure that vulnerability assessments and penetration tests align with industry standards, regulations, and compliance requirements.

Knowledge, Skills, Qualifications & Experience Required: 

Proven track record 5+ years of experience in vulnerability scanning, analysis & penetration testing of websites, cloud hosted applications, APIs and networks (etc.)

Excellent understanding of common app/apis/network vulnerabilities & attacks (OWASP Top 10s, SANS Top 25, CVEs, CWEs..)

Hands on experience with popular security tools – Nessus, Burpsuite, Netsparker, Metasploit, KALI Linux, Sn1per, Maltego (non-exhaustive list)

Knowledge of manual testing of web applications

Knowledge of DevSecOps and integrating security into CI/CD pipelines

One or more of the following certifications: GWAPT, CEH, OSCP, SANS, CISSP, GXPN, OSCE (or qualified work experience).

Expert-level experience and very detailed technical knowledge in at least 3 of the following areas:

General information security.

Security engineering.

Application architecture.

Authentication and security protocols.

Application session management.

Applied cryptography.

Common communication protocols.

Mobile frameworks.

Single sign-on technologies.

Development frameworks (Angular, React, etc.).

Strong scripting skills (e.g. Python, Perl, Shell script, JavaScript).

Knowledge of a Structured Query Language.

Good knowledge of modifying and compiling exploit code

Hands on experience of working in Windows and Linux

Has practical experience in auditing various Operating Systems, Databases, Network and Security technologies

Had exposure in Ethical Hacking competitions and programs like Bug Bounty, Capture the Flag etc.

Attributes:

Effectively communicate complex technical concepts such as security vulnerabilities to application developers and/or senior managers who may have little to no experience with security.

Must have the ability to work independently at a very large scale, enterprise setting and collaborate with multiple team members.

Detail-oriented and well-organized.

Proactive and able to multitask effectively.

Approachable with strong interpersonal skills.

Adaptable and willing to learn in a rapidly changing environment.

Our Company

Continent 8 has powered a second digital revolution – a revolution defined by intense, instantaneous, and omnipresent computing power. We have built and secured the world’s most reliable and secure edge network. Our global footprint spans every inhabited continent, and our edge network is local to over 92% of the world’s population.

We regularly fend off some of the most sophisticated attacks in the world and our security solutions are known to provide unmatched protection. We have developed specialized expertise in regulatory environments. We help protect against cyber and political risk, ensuring that our world class network delivers high availability and throughput.

Our secure edge network is globally distributed and serves the world’s most demanding industries. The gaming and financial trading industries depend on us to process billions of dollars’ worth of transactions each day. The transportation and autonomous vehicle industries depend on us to move the world’s population. The energy and utility industries depend on us to power critical infrastructure. Organizations choose Continent 8 when they simply can’t afford to lose connectivity.

We are the Edge Infrastructure-as-a-Service provider of choice for the world’s most demanding customers.