Junior Security Pen Test Engineer

European Bank for Reconstruction and Development (EBRD)

October 31, 2025 | December 15, 2025 | Sofia, Bulgaria
About the European Bank for Reconstruction and Development (EBRD)
The European Bank for Reconstruction and Development (EBRD) was established to help build a new, post-Cold War era in Central and Eastern Europe. The EBRD is committed to furthering progress towards ‘market-oriented economies and the promotion of private and entrepreneurial initiative’.
Job Description
Job Posting Organization:
The European Bank for Reconstruction and Development (EBRD) is a pioneering international organization established to support the development of market economies and promote private and entrepreneurial initiatives in countries transitioning to market economies. Founded in 1991, the EBRD operates in over 30 countries across Europe, Asia, and the Middle East, employing thousands of professionals dedicated to fostering sustainable development and economic growth. The EBRD's mission is to promote the transition to open and democratic market economies, and it is committed to investing in projects that enhance the quality of life and economic prospects for people in the regions it serves. The organization values inclusiveness, innovation, trust, and responsibility, which are integral to its operations and culture.

Job Overview:
As a Junior Security Pen Test Engineer, you will play a crucial role in enhancing the cybersecurity posture of the organization. This position is designed for individuals who are eager to develop their skills in penetration testing and vulnerability assessment. You will be responsible for conducting end-to-end vulnerability scans, analyzing reconnaissance data, and validating weaknesses through real-world exploitation techniques. Your work will involve using industry-leading tools such as Kali, Metasploit, and Cobalt Strike to ensure that the organization's endpoints, applications, and cloud assets are secure against potential threats. This role is an excellent opportunity for someone with a hacker mindset who is passionate about cybersecurity and eager to learn from experienced professionals in the field. You will be expected to translate raw findings into actionable risk-reduction strategies, analyze threat intelligence feeds, and collaborate with red-teamers and defenders to strengthen the organization's security measures.

Duties and Responsibilities:
  • Support the planning, development, and execution of vulnerability scans of the organization's information systems.
  • Assist in identifying and resolving false positive findings in assessment results.
  • Conduct reconnaissance and information collection on the target environment or attack surface.
  • Identify potential weaknesses and vulnerabilities on assets, including endpoints, applications, and users.
  • Validate weaknesses through exploitation and report findings.
  • Provide recommendations on security controls and corrective actions to mitigate technical and business risks.
  • Create hypotheses for analytics and testing of threat data.
  • Analyze data from threat and vulnerability feeds for applicability to the organization.
  • Generate reports on assessment findings and summarize them to facilitate remediation tasks.
  • Communicate lessons learned, initial indicators of detection, and opportunities for strengthening signature-based detection capabilities.

Required Qualifications:
Candidates should possess a high level of technical expertise in cybersecurity, including familiarity with penetration and intrusion techniques and attack vectors. A solid understanding of web technologies and core security fundamentals is essential. Familiarity with the OWASP Top 10 vulnerabilities is required, along with knowledge of offensive tools such as Metasploit, Kali Linux, Cobalt Strike, and Mimikatz. Proficiency in creating scripts and regular expressions in a preferred scripting language is necessary. Additionally, candidates should have technical knowledge of system security vulnerabilities and remediation techniques, as well as network and web-related protocols such as TCP/IP, UDP, IPSEC, and HTTP. Knowledge in security engineering, system and network security, authentication, and security protocols is also important. While certifications such as Certified Ethical Hacker (CEH), Global Information Assurance Certification (GIAC), GIAC Certified Pen Tester (GPEN), GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), Offensive Certified Security Professional (OSCP), and Offensive Security Certified (OSC) are desired, they are not essential.

Educational Background:
A relevant educational background in cybersecurity, computer science, information technology, or a related field is required. Candidates should have a strong foundation in technical concepts related to cybersecurity and information systems.

Experience:
Candidates should have some level of experience in cybersecurity, particularly in penetration testing or vulnerability assessment. This could include internships, academic projects, or previous employment in a related field. A demonstrated interest in cybersecurity through personal projects or participation in relevant competitions or training programs will be advantageous.

Languages:
Fluency in English is mandatory, as it is the primary language of communication within the organization. Knowledge of additional languages may be considered an asset, particularly those relevant to the regions in which the EBRD operates.

Additional Notes:
This position is a fixed-term contract lasting for 3 years. The EBRD promotes a hybrid working culture, encouraging collaboration in person at least three days a week. The organization values diversity and inclusion, welcoming applications from all qualified candidates regardless of their background. The EBRD offers a comprehensive suite of competitive benefits and prioritizes employee wellbeing.