Senior Penetration Tester

**Company Description**
Do you have experience in Penetration Testing and Application Security? Does your toolbox contain Burp Suite, Nmap, Metasploit, etc.? Are you active on HackerOne, Hack The Box or Root Me?

We'd be more than pleased to meet you then

ARHS Spikeseed is looking for a **Senior** **Penetration Tester** **(M/F)** with penetration testing skills and security best practices knowledge.

You will join a security team, based in Luxembourg, working on a number of cutting-edge projects that are shaping the digital side of Europe, no less

This position is** full-time, on-site, in Luxembourg-city.**
**Job Description** As part of our Security Team, you will be responsible for**:

- Execute penetration tests in grey-box and black-box environments, targeting both known and undisclosed systems.
- Perform mobile app security assessments on both Android and iOS platforms, focusing on areas like data storage, cryptography, network communication, and user authentication.
- Help in the continuous improvement of our software development practices, making sure that security is always taken seriously by developers;
- Propose mitigation strategies and/or secure architectures to address weaknesses in the systems you analyse;
- Understand customer security requirements and devise solutions that guarantee the security properties needed to satisfy those requirements;
- Have critical thinking skills to analyse current penetration testing methodologies and propose strategies to improve them;
- Write concise and technically sound reports for the customer;
- Mutually share and strengthen your knowledge with the rest of the team;
- Be a driver of change and innovation within the company.

**Qualifications** Your Profile**
- You preferably have a Master's degree in Computer Science or Information Security, and IT security was one of your main options.
- You have at least 4 years of experience in a similar position;
- You have experience in Internal pentest and / or Red team exercise;
- Strong analytical, problem-solving, and communication skills, both written and verbal
- You are quick to adapt to new technologies, and you like to stay up to date with the latest attacks against widely deployed systems.
- Ability to work independently, adapt to new challenges, and manage complex testing scenarios with high autonomy.
- Certification as OSCP, OSCE
- Experience in Reverse Engineering
- Knowledge in Cloud Security Practices

Besides that, you are familiar with the following:

- Testing VOIP/Wifi/anti-virus (AV) bypass
- Programming and scripting languages such as Java, C/C++, PHP, Python;
- OSI/TCP stack and general computer networks concepts;
- OWASP Top 10 and SANS Top 25;
- DevSecOps and Secure SDLC principles;
- Cloud (AWS/Azure) principles;
- Burp Suite Professional;
- Kali Linux;
- Agile practices;
Bonus:

- You have the know-how required to develop your own exploits and participate in bug bounty programs.
- You have former experience as a software developer

You have or are planning to obtain one or more of the certifications that follow:

- OSCP
- OSWE
- eCPPTv2
- AWS Certified Security
- Azure Security Engineer Associate
- CHFI
- GIAC GPEN

We are basically looking for someone that:

- Has tremendous interest for state-of-the-art technologies and penetration testing methodologies;
- Is a team player;
- Is (very) curious and (very) creative, autonomous, and dynamic;
- Has the ability to look at things from multiple angles at the same time.

**Additional Information** ARȠS?**

Arηs is a fully **independent** group of companies specialized in managing complex **IT projects and systems** for **large organisations**, focusing on state-of-the-art software development, business intelligence and infrastructure services.

We are composed of 14 entities across 6 countries that are unified by the Arηs Group, with more than **2200 consultants**.

This corporate structure enables us to respond quickly to market changes and customer requests, and to communicate and make decisions without layers of bureaucracy.

Our success can be attributed to the synergy among our nine complementary entities, combined with our methodologies, which are based on the Rational Unified Process (RUP) and the Scrum agile software development framework.

**_
Our Vision and Values_**

Our vision is to be the most caring and reliable IT company on the market place for both clients and our people.

Our values are**:caring, agility, excellence, innovation, continual improvement, and reliability**.

Our values support our vision by leveraging excellence, striving for results, ensuring commitment and promoting adaptability.

**_ Our Culture_**

We work in close partnership with our customers, turning their needs into benefits; We promote a dynamic local environment where both young and experience people can realize themselves; We leverage a flexible, independent and responsive organization.

**_ Our Brand_**

The ArȠs (pronounce [aris]) name comes from