Aguila Consulting
Soar to where only eagles dare
Conduct in-depth penetration testing of cloud environments (AWS, Azure, GCP), focusing on identifying complex vulnerabilities and security misconfigurations
Perform penetration testing of containerized applications (Docker, Kubernetes) and serverless architectures
Develop and execute custom penetration testing methodologies and tools to simulate real-world attacks
Expertise in manual penetration testing techniques and the use of advanced offensive security tools (Burp Suite, Cobalt Strike, Metasploit, etc.)
Utilize commercial security tools such as Checkmarx, Invicti, and Synopsys for static and dynamic analysis
Familiarity with security frameworks and approaches such as SAST, DAST, fuzzing, property-based testing, symbolic execution, and network simulation
Perform comprehensive security assessments of RESTful and other API architectures
Demonstrated ability to identify and exploit vulnerabilities in API authentication and authorization mechanisms
Perform security testing for distributed systems and microservices
Expert knowledge of hacking authentication methods such as OAuth, SAML, and JWT
Knowledge of macOS and Windows Active Directory systems and their security implications
Deep understanding of Linux operating systems and their security implications
Ability to analyze and understand complex software architectures and codebases
Work closely with software engineers to provide security guidance and recommendations
Basic knowledge of Python or Go programming languages for scripting and tool development
Collaborate effectively with cross-functional teams, including software engineers, cloud architects, and security professionals
Communicate security findings and recommendations clearly and concisely to both technical and non-technical audiences
Stay up-to-date on the latest cloud security threats, vulnerabilities, and attack techniques
Conduct security research and develop new penetration testing methodologies
Have experience in threat modelling, red/blue teaming, working with best-in-class independent engineering teams
Nice-to-Have
Administer and optimize Cloud Security Posture Management (CSPM) and SaaS Security Posture Management (SSPM) tools
Configure and maintain cloud security tools and platforms to ensure continuous monitoring and threat detection
Work with Infrastructure as Code tools such as Terraform and CloudFormation to ensure secure cloud deployments
Configure, deploy, and maintain Web Application Firewalls (WAF) in production and development environments
Qualifications
BA or BSc in Computer Science, Information Security, or a related field
6 years of experience in penetration testing with a strong focus on cloud security
Expert-level knowledge of cloud platforms (AWS, Azure, GCP) and their security services
Proven experience in API security testing and authentication hacking
Strong understanding of Linux, macOS, and Windows Active Directory operating systems and software development practices
Proficiency in using penetration testing tools and frameworks, including commercial tools like Checkmarx, Invicti, Synopsys, etc.
Excellent communication and collaboration skills
Deep understanding of the MITRE ATT&CK framework
Experience working in a software development environment
Nice-to-Have
Relevant security certifications (e.g., OSCP, OSCE, GPEN, GWAPT)
Experience with CSPM and SSPM tools
Skills
Mandatory Skills: Network Protocol – L2 Protocols, Network Protocol – L3 Protocols
Good to Have Skills: Business Architecture, Digital Enhanced Cordless Telecommunications, Packet Core and Policy Control, SDM