About the job
As a Penetration Tester, you will be a part of the Poloniex security team, reporting to the Security Manager, helping us secure, evolve, and grow our world-class cryptocurrency exchange, bringing the future of finance to emerging global markets. You will work with fellow security engineers in the Singapore office and a diverse team of remote security engineers in the United States while collaborating with distributed international teams. The Penetration Tester will be expected to perform enterprise and system-focused network and application penetration test engagements. The pentester will communicate findings and strategy effectively to client stakeholders, including technical staff, executive leadership, and peers. You will apply security testing and penetration testing techniques and mindset to a wide range of projects.
What you’ll be responsible for:
● Operate in a hands-on role involving penetration testing and vulnerability assessment activities of complex applications and mobile applications.
● Identify 3rd-party pentesting companies and be the main point of contact for them.
● Plan and create penetration methods, scripts, and tests.
● Create reports and recommendations from findings, security issues, and level of risk.
● Advise on methods to fix or lower security risks.
● Present findings, risks, and conclusions to management and stakeholders.
● Produce actionable, threat-based reports on security testing results.
● Automate penetration and other security testing on networks, systems, and applications.
What you will bring to the team:
● Bachelor’s degree and/or four or more years of related work experience.
● Ability to work independently, only interacting with some team members when time zones align.
● Exceptional verbal and written communication skills in English and Mandarin.
● Ability to communicate complex technical concepts to diverse audiences.
● Hands-on experience with testing frameworks such as the PTES and OWASP.
● Experience in the software development lifecycle and agile methodologies.
● Development of security tools, automation, or frameworks.
● In-depth knowledge of application development processes and at least one programming or scripting language (e.g., Java, Scala, C#, Ruby, Perl, Python, PowerShell).
● Relevant pen test certifications (e.g., OSCP, CEH, GPEN) are a plus.
● Willingness to take meetings outside of regular business hours to accommodate people in different time zones.