Pon - Security Analyst

Wat ga je doen

As a Security Analyst you will be performing security testing on PON’s applications and IT infrastructure. Apart from this, you will be working in the Security Operations Center handling complex security incidents and ensuring that appropriate countermeasures are taken in a timely manner.

Roles and Responsibilities

• Execute engagements in application security assessments, infrastructure security Penetration Testing, and Vulnerability Assessment on IT infrastructure, interpret the results and determine the business impact together with the security managers and the business.
• Profile an application, identifying threats, and developing test cases to target identified threats.
• Identify and exploit vulnerabilities in applications and infrastructure.
• Prepare reports documenting identified issues based on guidelines and industry standards.
• Interact with business in a collaborative consultative manner to deliver results, provide feedback and remediation recommendations on findings.
• Act as a consultant/advisor in presenting risk and mitigation controls to the business based on the assessments, for example identify potential vulnerabilities based on misconfiguration, policy, or design flaws on the organization's IT applications and infrastructure.
• Perform validation on Responsible Disclosures and provide remediation recommendations to business and development teams to mitigate vulnerabilities.
• Apart from these responsibilities, the analyst will be working on various technologies in the Security Operations Center like Endpoint Detection and Response, SIEM solutions, threat intelligence etc.
• Being a team player sharing your knowledge and skills with your team and learning from your teammates. 

Wat vragen we van jou

As a Security Analyst you should be innovative, independent and a critical thinker. We expect you to be vigilant at all times so that you can prevent PON’s crown jewels from being stolen, damaged or compromised by hackers.

Desired Technical Experience

• A minimum of around 3-5 years of experience in security penetration testing.
• A minimum of Bachelor's degree and relevant certifications such as OSCP, GIAC, etc.
• Experience on security testing using OWASP TOP 10, OSSTMM, SANS 25 standards as reference in Web Applications Security Assessments.
• Profiling applications, identifying threats, developing test cases and relevant threat models.
• Experience in exploitation of vulnerabilities in applications, networks and IT infrastructure.
• Experience in security testing of mobile applications/API’s of Android/iOS.
• Experience with tools like BurpSuite, Charles Proxy, OWASP Zap, Fiddler, Acunetix, NetSparker, Nessus, Nexpose, Wireshark, Nmap, etc.
• Experience on research of emerging security topics and new attack vectors.
• Knowledge on technologies like IPSEC, SSL, SSH, VPN, DNS, SMTP, FTP.
• Open to learn new things and a hands-on mentality.
• Preferably purple team skills such as penetration testing, investigation & root cause analysis, red teaming techniques, tactics and procedures, incident response or eager to learn this.

*Desired but not mandatory. If you do not meet the full experience we would still like you to apply 

Skills and Ability

• Excellent written and verbal communication skills in English and preferably also Dutch.
• Good interpersonal skills, Team player.
• Should be a self starter, Independent.
• Should be able to work 4 days on-site in Almere based on a 40 hour contract.

Note: Pre-employment screening may be performed.