Pen Tester

About the Role

Why Join Us?

Become part of a global collective of seasoned white-hat hackers. You will collaborate with both Check Point and external clients across diverse industry verticals worldwide. This role offers significant exposure to cutting-edge cyber threats, working closely with Check Point's research and Incident Response Teams (IRT).

Key Responsibilities

• Conduct penetration testing (ethical hacking) for applications and network environments.
• Develop comprehensive testing plans and author detailed penetration test reports.
• Perform reconnaissance and network surveys to map target environments.
• Research new tools and security exploits, and contribute to security findings through blogging.
• Continuously learn and gain proficiency in:
  • Web applications and services.
  • Firewall, IPsec & SSL VPNs, IDS/IPS, WLANs.
  • Database functions, interactions, and communications.
  • Commercial and open-source security tools (e.g., Nessus, Nmap, Netcat, Metasploit, Burp Suite, Bloodhound, Empire, Wireshark, hypervisors, run-live distros).
  • Scripting languages (Python, PowerShell, JavaScript, Bash) and application development.
• Stay current with emerging tools, countermeasures, threats, and technologies.
• Share knowledge and mentor junior team members and peers.
• Develop and refine security tools, templates, and methodologies.
• Analyze vulnerabilities, identify weaknesses, exploit them, and escalate access.
• Assist with malware analysis and breach investigations.
• Demonstrate a proactive approach to asking questions and acquiring knowledge to address engagement challenges.

Qualifications

• Proficiency in ethical hacking practices and procedures.
• Proven experience in web application penetration testing using the OWASP methodology.
• Experience with offensive tools such as Fiddler, Burp Suite, and SQLmap.
• Experience managing networks and systems on both Windows and Unix platforms.
• Solid understanding of general information security principles.
• Required coding and scripting experience (Python and Bash).
• Experience exploiting security vulnerabilities and remediating them (in personal labs, capture-the-flag events, or similar environments).
• Ability to communicate effectively with C-level executives, technical staff, and non-technical audiences.
• Maintain composure under pressure and interact professionally with colleagues across the organization.
• Experience in penetration testing operational technologies (OT) is considered an advantage.
• OSCP or OSWE certifications are considered an advantage.
• Red team capabilities are considered an advantage.