Expert Penetration Tester / Ethical Hacker

Job ID: 21921

Would you like to legally hack into the bank? We are now looking for an IT Security Penetration Tester / Ethical Hacker to help us protect the bank.

In Nordea, we’re harnessing the power of technology to reinvent the future of banking. A tech revolution is underway – and you can make an impact. Though we’re a Nordic bank, we’re also one of the largest IT employers in Tricity and Warsaw. Working with international teams in an inspiring working environment, you’ll have lots of opportunities to expand your skills

About this opportunity

Welcome to the Cyber Security Testing Team. We add value by de-risking the bank and early detecting security issues in the IT infrastructure and applications. As the IT Security Penetration Tester, you'll play a valuable role in Security Testing process and threat hunting activities in order to enlist and prioritize all security issues which can disturb services or weaken the bank reputation.

What you’ll be doing:

• Penetration tests of IT solutions used in bank
• Performing Vulnerability assessment
• Being actively involved in expansion of capabilities of Security Testing Team
• Writing and/or reviewing Security Test Reports
• Protecting the Bank 

You will join 10 professionals in the Internal Security Testing Team inside Cyber Security area. The role is based in Tricity or Warsaw. Our organization follows a hybrid work structure where employees collaborate in the office and work remotely from home.

Who you are

Collaboration. Ownership. Passion. Courage. These are the values that guide us in being at our best — and that we imagine you share with us.

To succeed in this role, we believe that you:  

• Are eager to constantly learn new things and share this knowledge with others
• Are creative out-of-the-box thinker, self-motivated and persistent
• Can work independently, as well as in the team

Your experience and background:

• 5+ years’ experience in penetration testing / red teaming / purple teaming
• Knowledge of penetration testing tools (e.g. Burp Suite, Metasploit, Nmap, Wireshark, IDA Pro)                             
• Knowledge of common operating systems Windows/Linux (Kali distribution)
• Knowledge about networking routing, network separation, lateral movement etc.
• Some development skills, at least at level of understanding the code written in one of the common programming languages (Java, C, Python, C# etc.)
• Ability to explain complicated things in simple language
• Familiarity with industry standards like – OWASP TOP10, OWASP ASVS, OWASP MSTG, OSSTMM
• Ability to assess vulnerabilities severity based on the CVSS
• Ability to write PoC exploit and demonstrate the exploitation mechanics
• Own CVE, bug bounty awards
• Specialization in at least two of the following:
  • Web application security
  • Infrastructure penetration testing 
  • Cloud security assessments
  • Reverse engineering
  • Code review
• Good English skills (written and spoken)
• IT Security Certifications like OSCP, OSWE, OSEP, OSED, GPEN, GXPN, WAPT, WAPTX,  MASPT, CRTP, CRTE will be the additional asset

Nice to have:

• Experience with OSINT / CTF's
• GitHub profile with self-written tools
• Blogs / publications on Cybersecurity topics / Conference talks

If this sounds like you, get in touch!
 

Next steps

At Nordea, we know that an inclusive workplace is a sustainable workplace. We deeply believe that our diverse backgrounds, experiences, characteristics and traits make us better at serving customers and communities. So please come as you are.

Please include permit for processing personal data in CV as following:

In accordance with art. 6 (1) a and b. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) hereinafter ‘GDPR’. I agree to have: my personal data, education and employment history proceeded for the purposes of current and future recruitment processes in Nordea Bank Abp.

The administrator of your personal data is: Nordea Bank Abp operating in Poland through its Branch, address: Aleja Edwarda Rydza Śmiglego 20, 93-281 Łodź. Your personal data will be processed for the recruitment processes in Nordea Bank Abp. You have a right to access your personal data, right to rectify and right to delete. Disclosing the personal data in the scope specified by the provisions of Polish Labour Code from 26 June 1974 and executive acts are mandatory. Providing personal data is necessary to conduct the recruitment processes. The request for the deletion of your personal data means resignation from further participation in recruitment processes and causes the immediate removal of your application. Detailed information concerning processing of your personal data can be found at: nordea.com/en/doc/nordea-privacy-policy-for-applicants.pdf

We reserve the right to reply only to selected applications.

#LI-Hybrid