Perform security assessment of Network, Operating System, and Application via security audit, vulnerability assessment, penetration testing, and application vulnerability analysis.
Perform vulnerability research in software applications, protocols, and network services via blackbox fuzzing or source code review.
Research new attacking techniques and cutting edge security topics.
Develop / Write exploit or use public exploit to gain access to the network.
Document technical issues and findings identified during the security assessment.
Deliver professional onsite and remote briefings to clients based on results of security assessments.
Deliver presentation and training to both technical and non-technical audiences.
Assist clients with questions regarding vulnerabilities and the remediation efforts involved in eliminating them.
Improve customer deliverable through report template and procedural updates.
Write scripts to automate assessment tasks and improve work efficiency.
I / Technical skills
In-depth knowledge the TCP / IP stack.
Solid understanding of various protocols from the application layer to the Ethernet layer.
Familiar with various network topologies and standards such as LAN / WAN / VPN / Wireless LAN.
Expert or advanced knowledge in internals of Windows or Unix / Linux operating system. You are not required to be an expert in both OS but you have to be an expert in at least one.
Familiar with various security tools including port scanners, vulnerability scanners (network / OS / app / web app), exploit frameworks, sniffers, password crackers, and wireless auditing tools.
Familiar with various penetration testing and application testing techniques.
Strong knowledge in web application attacks and defenses.
Proficient in at least one of the following programming / scripting languages : Python, C, Golang, Assembly, Perl, and Bash.
Other programming language can be considered.
Practical knowledge in exploit writing / development.
Familiar with debugger tools such as IDA Pro, WinDBG, Immunity Debugger, and gdb.
II / Soft Skills
Good command in both Written and Spoken English.
An ability to work under a dynamic environment and remotely.
Good team player.
Able to work under pressure with positive attitude towards the team.
Must be able to travel abroad.
ECQ firmly believes in Skills and Quality of Work. No certification or degree is required. All candidates are welcomed and will be screened through technical interview.