Pentester

Job Description:

DXC Technology is a global professional services company whose mission is to lead the digital transformation of our clients by advising and guiding them in the application of technology to obtain the best results and increase the competitiveness of their companies.

We are looking for a skilled Pentester to join our team of experts in Security Iberia.

Requirements:

• Experience in offensive cybersecurity, including penetration testing or red teaming.
• Deep knowledge of infrastructure solutions, cloud technologies, networking, databases, web technologies, and Artificial Intelligence.
• Proficiency in system administration and command-line tools in Linux and Microsoft Windows systems.
• Experience in bash/shell scripting, Python, and other programming languages.
• Familiarity with security frameworks and methodologies such as MITRE ATT&CK, Cyber Kill Chain, OWASP, and NIST.
• Experience with initial access and reconnaissance tools, including Blood Hound.
• Experience with credential extraction and lateral movement tools and techniques, such as Mimikatz, CrackMapExec, SharpRDP, or similar.
• Knowledge of persistence tools and Command and Control platforms, such as Cobalt Strike or Empire.
• Experience in pentesting cloud environments, primarily Microsoft Azure and Amazon AWS.

Tasks:

• Delivering technical tasks on our engagements.
• Providing high-quality technical solutions to clients.
• Assisting in the identification, resolution, and documentation of security incidents.
• Offering guidance and mentoring to adjacent teams and team members.
• Understanding the purpose of the assets to be pentested, learning their business relevance, and identifying worst-case scenarios for focused exploitation.
• Executing penetration test activities, documenting all actions, and employing current TTPs used by real-world attackers.
• Documenting penetration test results, including technical documentation.
• Supporting the penetration testing lead in organizing, following up, and reporting on pentest-related activities.
• Creating and maintaining offensive-related toolsets, including applications and infrastructure.
• Automating offensive-related scans, including detection, exploitation, and reporting.
• Assisting IT administrators in understanding exploitation findings and proposing remediation recommendations and best practices.
• Supporting Red Team activities on demand.
• Leading and executing intrusion campaigns using Red Team techniques to simulate realistic attacks.
• Developing attack strategies and tactics tailored to clients' specific environments based on Threat Intelligence.
• Enhancing and maintaining the offensive security team's infrastructures and tools.
• Researching and developing new tools and techniques for intrusion exercises.
• Identifying and exploiting vulnerabilities in client systems, applications, and networks.
• Generating detailed reports documenting findings, methodologies, and recommendations for improving client security posture.
• Providing technical advice and recommendations on corrective measures and security improvements based on assessment results.
• Participating in client meetings to discuss assessment findings, explain identified risks, and provide guidance on recommendations.

Nice to have:

• Certifications such as CEH, OSCP, OSWE, GPEN, or other equivalent security certifications.
• Programming skills in Python, C#, C/C++, Go, etc.
• Experience applying Red Team frameworks in project planning and execution.
• Strong networking and associated protocol knowledge and experience.
• Knowledge and experience in mobile security (OS, RF, and App).
• Experience in SDLC implementation and testing.
• Software development or programming/scripting abilities.
• Applied security research experience.
• Applied cryptography, mathematics, or computer science experience.
• Application security threat modeling.
• Source code review.

What will you find at DXC?

• Professional development.
• Leading projects in market reference clients.
• Excellent work environment.
• Flexibility and work-life balance.
• Work with leading technologies within the IT sector.
• Access to DXC University with unlimited certifications.
• Social and responsible commitment.
• Stable employment.
• Social benefits.