Sr. Cybersecurity Specialist-Pentest

Orange Business is here!

About us

Join us at Orange Business!

We are a network and digital integrator that understands the entire value chain of the digital world, freeing our customers to focus on the strategic initiatives that shape their business.

Every day, you will collaborate with a team dedicated to providing consistent, sustainable global solutions, no matter where our customers operate. With over 30,000 employees across Asia, the Americas, Africa, and Europe, we offer a dynamic environment to develop and perfect your skills in a field filled with exciting challenges and opportunities.

About the role

Key Responsibilities

• Perform web and mobile application penetration testing as assigned by customers
• Work on full assessment and revalidation cases within customer-defined timelines
• Prepare reports based on penetration testing outcomes as per customer templates
• Develop new test cases and scenarios, including API penetration testing
• Develop, test, and validate solutions to remediate exploitable conditions on systems such as web servers, mail servers, routers, firewalls, and intrusion detection systems
• Provide result reports and support teams in evaluating, coding, and implementing fixes (patches) for vulnerabilities such as malicious code, SQL injection, cross-site scripting, buffer overflows, parameter tampering, hidden field manipulation, cookie poisoning, and web service manipulation
• Conduct security assessments using penetration testing, ethical hacking tools, and risk assessment methodologies to identify vulnerabilities
• Perform source code reviews and configuration reviews against CIS benchmarks and security standards
• Participate in customer calls for requirement gathering, explaining findings, and technical discussions

About you

Education, Qualifications, and Certifications

• Degree/Diploma holders with good knowledge in the penetration testing domain
• Excellent verbal and written communication skills in English

Mandatory Skill Set

• Strong experience in performing security penetration testing and vulnerability assessments across internal and external environments, including web, mobile applications, wireless networks, IT infrastructure, endpoints, and cloud
• Experience in testing diverse infrastructure components such as private clouds, OpenShift, and containerized environments (Docker, etc.)
• Experience in source code reviews, red team exercises, security architecture reviews, and technical compliance assessments
• Hands-on experience with security tools such as Burp Suite, AppScan, Fortify, Wireshark, Nmap, Netcat, OWASP ZAP, Firebug, Nessus, and John the Ripper
• Knowledge of web-based applications and services (SOAP/REST APIs)
• Proficiency in report writing and test case documentation
• Relevant certifications preferred: OSCP, OSWP, OSCE, SANS, CEPT, or GIAC Certified Penetration Tester

Secondary Skill Set

• Knowledge of Azure and scripting languages

Candidate Attributes

• Brings rigor, passion for challenges, and strong determination
• Seeks opportunities to expand expertise, achieve goals, and grow professionally

What we offer

• Global Opportunities: Work in multi-national teams with opportunity to collaborate with colleagues and customers from all over the world.• Flexible Work Environment: Flexible working hours and possibility to combine work from office and home (hybrid ways of working).• Professional Development: training programs and upskilling/re-skilling opportunities.• Career Growth: Internal growth and mobility opportunities within Orange.• Caring and Daring Culture: Health and well-being programs and benefits, diversity & inclusion initiatives, CSR and employee connect events.• Reward Programs: Employee Referral Program, Change Maker Awards.

Only your skills matter

Regardless of your age, gender identity, race, ethnic origin, religion/belief, sexual orientation, marital status, neuroatypia, disability, veteran status or appearance, we encourage diversity within our teams because it is a strength for the collective and a vector of innovation. Orange Group is a disabled-friendly company and equal opportunity employer: don't hesitate to tell us about your specific needs.

Responsibilities

Key Responsibilities
- Perform web and mobile application penetration testing as assigned by customers
- Work on full assessment and revalidation cases within customer-defined timelines
- Prepare reports based on penetration testing outcomes as per customer templates
- Develop new test cases and scenarios, including API penetration testing
- Develop, test, and validate solutions to remediate exploitable conditions on systems such as web servers, mail servers, routers, firewalls, and intrusion detection systems
- Provide result reports and support teams in evaluating, coding, and implementing fixes (patches) for vulnerabilities such as malicious code, SQL injection, cross-site scripting, buffer overflows, parameter tampering, hidden field manipulation, cookie poisoning, and web service manipulation
- Conduct security assessments using penetration testing, ethical hacking tools, and risk assessment methodologies to identify vulnerabilities
- Perform source code reviews and configuration reviews against CIS benchmarks and security standards
- Participate in customer calls for requirement gathering, explaining findings, and technical discussions