Job Description:
DXC Technology is a global professional services company whose mission is to lead the digital transformation of our clients by advising and guiding them in the application of technology to obtain the best results and increase the competitiveness of their companies. With more than 130,000 professionals and expert technologists, collaborating in more than 70 countries together with an exceptional network of partners, we offer advanced IT services and solutions.
In Spain, we are one of the main leaders in the IT market. We have nearly 8,000 professionals, distributed in thirteen locations, with centers of excellence in cutting-edge technologies such as Cloud, Business Intelligence, AI, or Automation among many others, serving more than 200 customers from all industries in the public and private sectors. We work with leading companies in the country that trust us to guide their digital transformation.
We develop active policies of diversity and inclusion of people with disabilities and we are proud to have a representation of approximately 49% of female professionals.
At DXC Spain we are looking for a Pentester to join our great Security Iberia team.
Requirements:
- Experience in offensive cybersecurity, including penetration testing or red teaming.
- Advanced English proficiency and excellent communication skills, able to address stakeholders of varying technical backgrounds.
- Knowledge of German is a plus.
- Deep knowledge of infrastructure solutions, cloud technologies, networking, databases, web technologies, and Artificial Intelligence.
- Proficiency in system administration and command-line tools in Linux and Microsoft Windows systems.
- Experience in bash/shell scripting, Python, and other programming languages.
- Familiarity with security frameworks and methodologies such as MITRE ATT&CK, Cyber Kill Chain, OWASP, and NIST.
- Experience with initial access and reconnaissance tools, including BloodHound.
- Experience with credential extraction and lateral movement tools and techniques, such as Mimikatz, CrackMapExec, SharpRDP, or similar.
- Knowledge of persistence tools and Command and Control platforms, such as Cobalt Strike or Empire.
- Experience in pentesting cloud environments, primarily Microsoft Azure and Amazon AWS.
Tasks:
- Delivering technical tasks on our engagements.
- Providing high-quality technical solutions to clients.
- Assisting in the identification, resolution, and documentation of security incidents.
- Offering guidance and mentoring to adjacent teams and team members.
- Understanding the purpose of the assets to be pentested, learning their business relevance, and identifying worst-case scenarios for focused exploitation.
- Executing penetration test activities, documenting all actions, and employing current TTPs used by real-world attackers.
- Documenting penetration test results, including technical documentation.
- Supporting the penetration testing lead in organizing, following up, and reporting on pentest-related activities.
- Creating and maintaining offensive-related toolsets, including applications and infrastructure.
- Automating offensive-related scans, including detection, exploitation, and reporting.
- Assisting IT administrators in understanding exploitation findings and proposing remediation recommendations and best practices.
- Supporting Red Team activities on demand.
- Leading and executing intrusion campaigns using Red Team techniques to simulate realistic attacks.
- Developing attack strategies and tactics tailored to clients' specific environments based on Threat Intelligence.
- Enhancing and maintaining the offensive security team's infrastructures and tools.
- Researching and developing new tools and techniques for intrusion exercises.
- Identifying and exploiting vulnerabilities in client systems, applications, and networks.
- Generating detailed reports documenting findings, methodologies, and recommendations for improving client security posture.
- Providing technical advice and recommendations on corrective measures and security improvements based on assessment results.
- Participating in client meetings to discuss assessment findings, explain identified risks, and provide guidance on recommendations.
Nice to have:
- Certifications such as CEH, OSCP, OSWE, GPEN, or other equivalent security certifications.
- Programming skills in Python, C#, C/C++, Go, etc.
- Experience applying Red Team frameworks in project planning and execution.
- Strong networking and associated protocol knowledge and experience.
- Knowledge and experience in mobile security (OS, RF, and App).
- Experience in SDLC implementation and testing.
- Software development or programming/scripting abilities.
- Applied security research experience.
- Applied cryptography, mathematics, or computer science experience.
- Application security threat modeling.
- Source code review.
What will you find at DXC?
- Professional development.
- Leading projects in market reference clients.
- Excellent work environment.
- Flexibility and work-life balance.
- Work with leading technologies within the IT sector.
- Access to DXC University with unlimited certifications.
- Social and responsible commitment.
- Stable employment.
- Social benefits.
Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers, typically through online services such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks, and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor does it ask a job seeker to purchase IT or other equipment on our behalf. More information on employment scams is available here.