- Perform security assessment in software applications, protocols, and networkservices via blackbox fuzzing or source code review.
- Research new attacking techniques and cutting edge security topics.
- Develop/Write exploit for published/unpublished vulnerabilities.
- Document technical issues and findings identified during the security assessment.
- Deliver professional onsite and remote briefings to clients based on results ofsecurity assessments.
- Assist clients with questions regarding vulnerabilities and the remediationefforts involved in eliminating them.
- Write tools to automate assessment tasks and improve work efficiency.
Skills and Experience
- Minimum 2 years of direct security experience. Fresh graduates are welcomed if the answers are Yes to Item 7, 8, 9, and 10.
- Solid understanding of various protocols from the application layer to the Ethernet layer.
- Familiar with various network topologies and standards such as LAN/WAN/VPN/Wireless LAN.
- Advanced knowledge in internals of Windows or Unix/Linux operating system.You are not required to be an expert in both OS but you have to be an expert in at least one.
- Familiar with various security tools including port scanners, vulnerability scanners (network/OS/app/web/mobile app), exploit frameworks, sniffers, password crackers, and wireless auditing tools.
- Familiar with various penetration testing and application testing techniques.
- Proficient in at least one of the following programming/scripting languages: Python, C#, C, Golang, Assembly, PHP, and Bash. Other programming language can be considered.
- Practical knowledge in exploit writing/development.
- Familiar with debugger tools such as IDA Pro, WinDBG, Immunity Debugger, and gdb.
- Experience in CTF competitions or Bug Bounty programs.
- Good command in both Written and Spoken English.
- An ability to work under a dynamic environment and remotely.
- Good team player.
- Able to work under pressure with positive attitude towards the team.
- Reliable responsibility.
- Must be able to travel abroad
ECQ firmly believes in Skills and Quality of Work. No certification or degree is required. All candidates are welcomed and will be screened through technical interview. All applications will be treated as strictly confidential. Successful candidate will receive attractive remuneration package. Interested applicants please submit your application and resume with a recent photo either by post or e-mail to the following address.