1. NATURE OF THE TASKS
• Establishing a clear scope for the penetration test based on specific and measurable rules of engagement
• Preparing, planning and coordinating the execution of the tests
• Scanning and probing targets
• Determining the feasibility of a particular set of attack vectors
• Attacking and exploiting targets in line with the rules of engagement with the aim of proving the true feasibility of one or several kill chains
• Identifying higher-risk vulnerabilities that result from a combination of lower-risk vulnerabilities exploited in a particular sequence
• Identifying vulnerabilities that may be difficult or impossible to detect with automated network or application vulnerability scanning software
• Assessing the magnitude of potential business and operational impacts of successful attacks
• Testing the ability of network defenders to successfully detect and respond to the attacks
• Performing risk, impact and damage assessments
• Providing intermediate reports on a regular basis
• Providing recommendations, such as mitigations for the identified exploitable vulnerabilities
• Drafting penetration testing reports tailored for management and technical peers
• Maintenance and continuous improvement of the penetration testing toolkit
• Interfacing with other experts
• Contribution to awareness trainings
2. KNOWLEDGE AND SKILLS
Specific Requirements (Experience with or Professional Knowledge)
• Scoping of penetration tests
• Planning of penetration tests
• Execution of penetration tests
• Vulnerability Assessment
• Exploit Development
• Security Assessments and Audits
Methodologies (Experience with or Professional Knowledge)
• Risk Assessment Methodologies such as EBIOS, CRAMM, PILAR or equivalent
• SSDLC Methodologies
Standards (Experience with or Professional Knowledge)
• OWASP
• ASVS
• SAAM
Certifications
At least one (1) certification from the list below, or from a refined list (a subset of the existing one)
• OSCP (Offensive Security Certified Professional)
• OSCE (Offensive Security Certified Expert)
• OSWP (Offensive Security Wireless Professional)
• OSEE (Offensive Security Exploitation Expert)
• OSWE (Offensive Security Web Expert)
• CEH (EC-Council Certified Penetration Tester)
• GPEN (GIAC Certified Penetration Tester)
• GWAPT (GIAC Certified Web Application Penetration Tester)
• GXPN (GIAC Exploit Researcher and Advanced Penetration Tester)
• GAWN (GIAC Certified Assessing and Auditing Wireless Networks)
• GMOB (GIAC Mobile Device Security Analyst)
• or an equivalent internationally recognized certification (subject to acceptance as a valid credential by the client)