Planning and executing penetration tests on internal and external infrastructure (Network, Active Directory, Windows/Linux servers);
Security assessment of web applications (OWASP Top 10, business logic vulnerabilities, authentication/authorization flaws);
Analyzing attack paths in Active Directory environments (Kerberoasting, ACL abuse, delegation vulnerabilities, lateral movement scenarios);
Evaluating discovered vulnerabilities based on risk level and preparing technical/management level reports;
Collaborating with infrastructure and application teams during the remediation process, and retesting fixes;
Working with the SOC team to test and improve detection rules;
Participating in phishing simulations and social engineering assessments;
Security assessment of AI-based systems and LLM-integrated applications (prompt injection, jailbreak, data leakage, OWASP Top 10 for LLM Applications test scenarios);
Effective use of AI-based tools in pentest processes (reconnaissance, payload generation, automating report preparation);
Conducting the vulnerability management process: managing Rapid7 and Tenable Nessus scanners, configuring scan profiles, analyzing results, and filtering false positives;
Analyzing and prioritizing the impact of new CVEs on the infrastructure.
Special Requirements:
At least 3 years of practical experience in information security, including at least 2 years in penetration testing;
Practical certification requirement: OSCP or an equivalent hands-on certification (CRTO, PNPT, eCPPT/eCPPTv2, GPEN, or similar); OSCP is preferred;
Ability to independently conduct network and infrastructure penetration tests;
Practical experience in the security assessment of Active Directory environments and a deep understanding of primary attack paths;
Manual web application testing skills: detecting business logic, authentication, and authorization vulnerabilities beyond automated scan results;
Practical experience with vulnerability scanners: configuring scans, triaging, and verifying results on Tenable Nessus, Rapid7 InsightVM/Nexpose, or similar solutions;
Knowledge of post-exploitation, privilege escalation, and analysis of basic security configurations in Windows and Linux systems;
Manual API security testing of REST and GraphQL APIs for Broken Object Level Authorization (BOLA/IDOR), mass assignment, and rate-limiting bypass;
Cloud security: fundamental pentest scenarios in AWS / Azure / GCP environments (IAM misconfigurations, S3 bucket exposure, metadata service abuse);
Understanding of Container / Microservice environment security, primary misconfiguration points in Docker and Kubernetes, and container escape scenarios;
Proficiency in at least one scripting language (Python, PowerShell, or Bash) for automating test processes and developing simple tools when needed;
Documenting findings in a clear, reproducible, and risk-based reporting format, and providing specific remediation recommendations;
Fluent communication skills in Azerbaijani.
English language proficiency for working with technical documentation and reports.
Preferred Knowledge and Skills:
Additional certifications: OSEP, OSWE, CRTP/CRTE, BSCP, or similar practical certificates.
Understanding of EDR detection and evasion techniques.
Understanding how attacks look from a log and detection perspective.
Experience with C2 frameworks: Cobalt Strike, Sliver, Havoc, or similar tools.
CTF participation, HackTheBox/TryHackMe profile, bug bounty experience, or personal security research: blog posts, CVEs, open-source tools, etc.
Interest or practical experience in AI/LLM security: OWASP LLM Top 10, MITRE ATLAS, AI red teaming.
Familiarity with AI-assisted pentest tools: PentestGPT, Burp AI, and similar solutions.