IT Security Engineer (Red team)/ Penetration tester

As an IT Security Engineer (Red Team) / Penetration Tester at Evolution, you will be responsible for troubleshooting application defects and vulnerabilities, conducting security investigations, and performing both manual and user acceptance tests based on standards like OWASP. Your role will involve researching new threats, recommending remedial actions, and guiding security activities in the application development lifecycle. You will also write detailed bug reports and work on compliance efforts, making a significant impact to ensure the safety of our systems.

To succeed as an IT Security Engineer (Red Team) / Penetration Tester at Evolution, candidates should possess a higher education degree, excellent English proficiency, and strong team collaboration skills. Proven experience in security engineering, system and network security, along with detailed knowledge of testing and auditing techniques is critical. Candidates should also have experience in web application development, source code review, and be familiar with penetration testing methodologies and tools.

At Evolution, IT Security Engineers (Red Team) / Penetration Testers can expect tailored career programs designed to help them grow and showcase their skills. The nurturing environment encourages innovation and offers company-funded training to keep you ahead of industry trends. With a blend of large company benefits and the creativity of a startup culture, you'll find multiple pathways to enhance your career in cyber security.

Evolution provides an inspiring work environment perfect for IT Security Engineers (Red Team) / Penetration Testers. The company offers a hybrid work model to promote work-life balance, coupled with modern office facilities located in the city center that feature incredible views. You'll enjoy flexibility with working hours and benefits like additional medical insurance and a multisport card for a healthy lifestyle.

For the IT Security Engineer (Red Team) / Penetration Tester position at Evolution, candidates with technical expertise in security protocols, application security, and systems vulnerabilities are highly preferred. Familiarity with scripting languages such as Scala, Perl, Java, or PHP is advantageous, along with certifications like OSCP or OSWE. Hands-on experience with CTFs or Capture The Flag events will also enhance your candidacy.

When answering this question, detail specific instances where you performed vulnerability assessments, outlining the tools you used and the methodologies employed. Highlight any successful outcomes or remediation plans you developed post-testing, demonstrating your expertise and tactical approach to security-related challenges.

Start by explaining the stages of a penetration test, including planning, information gathering, threat modeling, vulnerability analysis, exploitation, post-exploitation, and reporting. Emphasize your attention to detail, adherence to compliance standards, and your ability to communicate findings effectively to stakeholders.

Discuss your regular engagement with industry resources such as security blogs, webinars, forums, and relevant communities. Mention any certifications you pursue or attendances at conferences, which showcase your commitment to continuous learning and adaptation to the ever-evolving threat landscape.

Detail your knowledge of security frameworks like OWASP, NIST, or ISO standards. Provide examples of how you've implemented these frameworks in your previous roles, reinforcing your understanding of compliance and effective security practices within application development.

Prepare a case study of a past security investigation, explaining the context, problem, your investigative approach, tools utilized, and the resolution. Highlight teamwork, the measures taken for vulnerability mitigation, and lessons learned from the experience.

Explain your methodology for integrating security measures during the Software Development Lifecycle (SDLC). Cite practices such as security code reviews, threat modeling sessions, and collaborating with development teams to ensure security is prioritized, resulting in safer applications.

Illustrate your role in security compliance initiatives, such as preparing for audits or conducting risk assessments. Discuss how you align security strategies with compliance requirements, emphasizing any successful experiences mitigating identified risks and improving organizational security posture.

Clarify your understanding of application security principles, attack vectors, and prevention strategies. Delve into your knowledge of cryptographic protocols, discussing how you've applied encryption techniques to protect sensitive data and ensure secure communication.

Describe your methodical approach to documenting vulnerabilities, ensuring clarity and specificity in your bug reports. Highlight the importance of prioritizing risks, outlining affected systems, and recommending remediation strategies to guide teams in addressing reported issues effectively.

Share your passion for gaming and security aspects that align with Evolution's mission. Express excitement about contributing to an innovative company, emphasizing your desire to help enhance player experiences through robust security measures that ensure trust and safety in online gaming.