Qbit Hacking & Testing is part of the Qbit Cyber Security organisation. We assess software, systems and networks for vulnerabilities. We know our assessments require deep technical knowledge and a hacker mindset. Do you think you have these qualifications? Do you want the (cyber) world a little more secure? Then we are looking for you!
Typical projects run for several days to several weeks. Infrastructure assessments are performed remotely or at our customer premises. You are challenged to to find known and new vulnerabilities in systems, networks and domain controllers, to name but a few. The tools you will use include, but are not limited to: Nessus, responder.py, testssl.sh, crack NTLM hashes. Ultimate goal in many cases is to become domain admin, and/or gain access to other sensitive information (like Intellectual Property).
Web application assessments typically involve locating vulnerabilities in web applications, such as those mentioned in the OWASP ASVS. You will use tools like, but again not limited to: Burp suite pro, nikto, and dirsearch, but your added value is in manual assessments of the application, since your hacker mindset will see issues that tools will miss, allowing you to bypass the business logic of the application, and using it in ways that were not intended.
As an expert you have at least three years experience in an ethical hacker role. At Qbit you will enhance the following competences:
* Act as project lead for assessment projects, you work on together with one or more colleagues
* Supervising and counseling trainees, and less experienced employees
* Share your knowledge and expertise proactively (pizza sessions, security meetings, and during a stand up)
* Independently act as Qbit representative and ambassador at customer sites
* Continuously try to improve upon our reports and take responsibility in the review process
We strongly believe in permanent education, but also in self-motivation. We therefore urge you to keep your knowledge up to date. Much is possible, but you are responsible for initiating, and keep track of your personal development plan. Qbit recognises the benefits of (internal) schooling and training sessions, but also want you (together with some colleagues) to visit conferences like OWASP AppSec, DEFCON, Blackhat, ISF, NCSC One, CCC and Infosecurity. Another way to educate yourself is participating in Capture the Flag events.
We carefully select our employees from established colleges of technology, and universities. Most of our employees have a degree in software engineering, system and network engineering, or computing science. In addition to this formal education we encourage our ethical hackers to obtain certificates like: Offensive Security Certified Professional (OSCP), eLearnSecurity Web application Penetration Tester (eWPT), eLearnSecurity Web application Penetration Testers eXtreme (eWPTX), Licensed Penetration Tester (LPT), GIAC Certified Penetration Tester (GPEN), or Certified Ethical Hacker (CEH).
What to expect from us?
Qbit is an innovative and fast growing company with a focus on IT security. We emphasise on cooperation, sharing knowledge, (permanent) education, (enhancing) skills, and most importantly finding satisfaction in your day to day projects. No doubt, the work must be done in time and according to the high quality standards our customers expect from us, but we are convinced that this is much easier when you are a part of a pleasant team, with an appropriate salary, and a convenient workplace. We like you to keep a proper work-life balance, so we frown upon overtime, and try to do most of the projects from our offices in Haarlem or Groningen. Lunch is provided by Qbit, so no need to pack your own sandwiches, and last, but not least, we occasionally will organise an event after work including food and drinks.
It would be nice if you could understand Dutch.
If you recognise yourself in the above description, and want to enhance our team, then do not hesitate to contact us. We are looking forward to your reaction.