About the Company
Our client is a boutique, source code focused security consultancy in Auckland. They're deeply embedded in client environments, trusted by the biggest players, and obsessed with quality.
About the role
The Pentester is focused on assessing and challenging the security posture across a comprehensive portfolio of clients. They're after someone who treats access like a puzzle, not a checklist. Someone who lives for code-assisted compromise, logic breaks, obscure misconfigs and the kind of findings that leave devs saying, “how the hell did you find that?” You can be client-facing (could be optional), code deep, and surrounded by a team that values depth over noise.
No throwaway PDFs. No black-box theatre. Just a bunch of hacker-mindset people doing interesting work!
Responsibilities
- Proven penetration testing abilities, ability to carry out manual penetration tests and use automated penetration testing tools.
- Experience reviewing web applications, thick client, source code, operating system and network security architectures. Expert level skills with testing tools including: Burp Suite, Kali Linux, nmap, sqlmap etc.
- Offensive/Red-team experience - knowledge of tactics, techniques, and procedures associated with malicious insider activity, organized crime/fraud groups and both state and non-state sponsored threat actors.
- Proven ability to program and script in a variety of programming/scripting languages.
- Knowledge of either *-nix, Windows or Mac OS internals.
- Ability to communicate practical impact of vulnerabilities, build proof of concept code to exploit, define effective remediations, and liaise with developers to find a suitable solution.
What you need?
- Experience delivering security testing of web-based services, cloud services and underlying infrastructure, looking for sophisticated attack vectors and recommending mitigations
- Reporting and explaining the results of penetration tests aimed at technical employees, managers, and executives.
- Minimum of 4 years of offensive security experience in either a product or service based company (ideally white box, source code supported testing)
- Recognized certifications (e.g., CRT, OSCP, OSWE, OSCE) in the field of penetration testing
- Good analytical skills to understand the implications of security threats
- Good verbal and written communication skills to ensure business and technical risks are clearly communicated
- Experience using penetration testing tools such as Burp Suite, Nmap and Metasploit
- Experience developing and/or reviewing source code
- Experience reviewing cloud infrastructure configurations and infrastructure as code
- Experience working within a software development team and environments with frequent change
What's in it for you?
- Ongoing personalised training programs and R&D time.
- Tailor-made career development plans with unlimited opportunities to grow within the business.
- Market-aligned salary with share options for the right person!
- Supportive, caring and empowering leadership
- Ongoing social events, yearly team events!
- Opportunities to attend events and conferences
- Flexible work, care about your life outside of work. Hybrid model.
Need more information? Please contact
yaman@84recruitment.co.nz