Details of the offer for AUDITOR/PENTESTER (M/F) about pentesting at Conix Security (Conix Technologies et services) in Issy Les Moulineaux

Conix Cybersecurity is the Business Unit in the Conix group that is specialized in the IT security field. It operates in technical expertise and counsel, and it stands out through its ability to innovate to respond to its clients concerns: proximity with the production teams, flexibility during operations, the ability to operate in production environments, are all elements that set CONIX security apart from its competitors and ensure its success.

 

DESCRIPTION:

Conix penetration tester/Auditor will work in a team of 10 peopole  performing weekly or monthly projects.  During each security audit or penetration test, the incumbent will follow an approved methodology, scope, and rules of engagement in order to identify vulnerabilities which could allow an attacker to compromise the confidentiality, integrity, or availability of client information and/or information systems. 

  • Penetration Test or Red Team, according to the methodology
    • External (from the internet)
      • Open source information gathering (OSINT)
      • External scanning (Nessus,
      • Security scope :
        • Technical information : domains, IP addresses, etc.
        • Basic information: website, brand, company name, etc.
    • Internal (from the client LAN) :
      • Domains, IP addresses.
      • Office equipement/Active Directory (Privilege escalation)
      • Rich client (Windows, Linux, Mac)
    • Connected devices (system/embedded distributions)
    • VoIP (IMS, SIP, etc.)
    • Etc.
  • Configuration audit
    • System
    • Network equipment and security equipment (firewall, router, switch, etc).

 

  • Eventually source code audit,architecture audit and organizational or physical audit

 

About 30 % of the time is dedicated to technological and opportunity watch :

  • Developing new penetration testing tools
  • Sharing with the IT security community
  • Publishing on specialized magazines and giving presentations at security conferences

QUALIFICATIONS :

Minimum 2-5 years of  experience in security audit and pentesting

 

Knowledge and experience with penetration testing frameworks and methodologies (External or Internal)

Experience with various scripting languages such as Python, PowerShell, Bash, DOS

Strong  knowledge of networking protocols, OWASP, mobiles applications

Strong understanding of various operating systems such as Windows (server and workstation), Linux, Unix, Cisco, etc.

Apply