Simulate attackers in order to detect vulnerabilities in SOMPO’s systems. Challenge Sompo’s current security controls. Conduct authorized attacks to identify security vulnerabilities, through pen-testing, code review, vulnerability research, threat modeling, architecture review and more.
What Will You Do?
- Determine the scope of work with Sompo’s business units.
- Plan and execute attack scenarios.
- Create reports that include mitigation recommendations and technical explanations of the security issues, with the matching level of risk.
- Present your conclusions to management and relevant parties, reflecting the gaps and business impact to relevant stakeholders.
- Work with the cyber startup ecosystem to find innovative solutions.
Requirements
- At least 4 years of experience in cyber security, at least 2 of them in pentesting.
- In-depth understanding of computer systems and their operation.
- High familiarity with the OWASP Top 10.
- Excellent spoken and written communication in English, with the ability to articulate how vulnerabilities impact the business.
- Ability to communicate methods to technical and non-technical audiences, including executives.
- Vast experience in security systems in mid-large organizations.
- Exceptional analytical and problem-solving skills.
- Persistence to apply different techniques to get the job done.
- A team player who supports colleagues and shares ideas and techniques.
- Ability to plan and execute tests while considering client requirements and limitations.
- Ethical integrity to be trusted with a high level of confidential information.
- Commitment to continuously updating your technical knowledge base.
Advantage
- Experience in SDLC, threat analysis (STRIDE) and/or code review.