job

We are hiring yet again - pentester job

alla — Wed, 22 May 2019 10:06:26 +0000

We are hiring yet again - pentester job

We are looking for a penetration tester again. The business has been growing steadily and we need more people.

We will prefer somebody from Belgium or EU, but will consider applications from other countries also. We are located in Brussels, Belgium. The job is full time, mostly on customer sites in Belgium.

The job involves performing security testing, alone or in a team. We perform a wide variety of security tests, from web applications security to hardware hacking, from low-level network security testing to telephony and VoIP security. What kind of tests you will be involved in depends on your interests and skill set. Apart from testing, you will have to write project reports, and interact with the clients before, during and after the test execution. You might also have to develop tools or use and adapt tools developed by other team members. Some project management is also expected.

You will constantly have the opportunity to work with new products and technologies, learn new tools and techniques and share the knowledge.

You get a competitive salary, a company car, laptop, cell phone subscription, Internet connection at home paid, home office compensation, rail pass, etc. The conditions are negotiable (see the previous job ad with regards to cream toffees).

We are looking for somebody with a solid background in IT security, ideally an experienced pentester. We would like to see:

In-depth knowledge of and interest in computer security. You are familiar with the concepts, tools and methods used in IT security and specifically in penetration testing. Most importantly, you love security, you enjoy hacking, when you figure out how to exploit some tricky bug you feel happy for the rest of the day.
Prior experience in penetration testing is a huge plus
Knowledge of web application technologies and web application security. Familiarity with web application testing tools, such as intercepting proxies, application vulnerability scanners, etc. You have used intercepting proxies, you can exploit an SQL injection manually or with a tool, you know why there is more to XSS than <script>alert(1);</script> (and you can write the that script-alert-script thingy without having to look up the syntax. I wish I was joking)
In-depth knowledge of TCP/IP and application-level protocols and their security concepts. I mean more than "what's the difference between TCP and UDP?" sort of questions.
Understanding of networking on link level is a plus
Knowledge of operating system security concepts (and if you understand the security architecture of iOS and Android and can explain the differences, we love you already)
Knowledge of mobile application security is a plus
Knowledge of voice technologies is a plus
Working knowledge of electronics is a plus
Ability to code and read other people's code. If you have done security source code reviews, that's great.
Ability to speak and write clearly in English is a requirement, knowledge of French and Dutch is a plus
Send your CV to info@gremwell.com with [Job] in the subject.

alla Wed, 05/22/2019 - 12:06

We are hiring again!

alla — Thu, 06 Dec 2012 10:07:15 +0000

We are hiring again!

Once again, we are looking for a penetration tester. See this post for a descriptiong of skills we are interested in. Prior penetration testing experience is a plus, but not a must, provided that you have the necessary knowledge, both practical and theoretical. The job is in Brussels, Belgium, working remotely may be possible for some projects, but most of the time you'll have to be on site.

alla Thu, 12/06/2012 - 11:07

We Are Hiring

alla — Thu, 08 Mar 2012 14:15:26 +0000

We Are Hiring

We are looking for a penetration tester. Most of the work is in or around Brussels. Some of the work will have to be done remotely. Employee or subcontractor.

You'll get a lot of opportunities to hack stuff. Actually, you'll be trying to break stuff most of your working time. Except when you are writing reports. Or trying to make stuff work, before you can start breaking it. Most of the work are web application tests, but other stuff as well, from hardware hacking to custom client-server applications.

Obviously, you get a salary, and other perks, such as a laptop, cell phone, a paid Internet connection at home, hospitalisation insurance, etc. Pay and benefits are discussable, so if, for example, you always dreamt of getting your bonuses in cream toffees, that can be arranged.

We are looking for penetration testers with a broad knowledge in IT security domain, but if you happen to specialise in some area this is ok as well. For web application penetration testers we are looking for:

Web application knowledge. You understand HTTP, you can read/write HTML and JavaScript, you understand web application security. You can use intercepting proxies. You can read (and write at least a "hello world" with minimum Googling) in common web development languages (Java, ASP, .NET, PHP). Web development knowledge is a large plus.
Security. Uhm, I don't know exactly how to describe it. You know and love security. If you are asked what XSS is, you can talk for half an hour. You can exploit an SQL injection where automated tools fail (okay, at least sometimes). You can explain why an invalid SSL certificate on a server is a bad thing.
Human interface. You can write a report that people won't mind reading. You can talk to people and explain security to them. You can think about security in terms of business impact. You can speak and write in English (uhm, and read and listen too). Dutch and French in addition to English are also welcome.
Certificates. Nice to have.

For more network-oriented penetration testers we are looking for:

Excellent knowledge of networking - link level, TCP/IP, application level. You know how to capture network traffic and you know what to do with it once you captured it. Experience in system/network administration is a plus.
Familiarity with Windows and Unix/Linux. You can use them, you can install and configure them, you understand the security models.
Programming. You can script. Perl, python, ruby, shell, whatever you like. The more the better. At least you should be able to read and fix Perl/shell scripts.

Also, if you are good in Java and willing to help with development of MagicTree, it is a plus. If you don't know what is MagicTree, it is a minus.

Looks good? Send your CV to info@gremwell.com with [Job] in the subject.

alla Thu, 03/08/2012 - 15:15