Deskripsi pekerjaan Penetration Tester PT Eternal Kreasi Indonesia
Job Description
- Conduct penetration testing on web applications, mobile applications, APIs, networks, cloud environments, and internal/external infrastructure.
- Identify, validate, and assess security vulnerabilities using both automated and manual testing techniques.
- Perform vulnerability assessments and security risk analysis.
- Simulate real-world cyber attacks to evaluate the effectiveness of security controls.
- Prepare detailed penetration testing reports, including findings, risk ratings, proof of concept, and remediation recommendations.
- Collaborate with development, infrastructure, and security teams to resolve identified vulnerabilities.
- Re-test remediated vulnerabilities to verify successful mitigation.
- Stay up to date with the latest cybersecurity threats, attack techniques, and security best practices.
- Participate in security reviews, threat modeling, and secure development initiatives.
- Ensure penetration testing activities comply with industry standards and security frameworks such as OWASP, NIST, PTES, and MITRE ATT&CK.
Requirements
- Bachelor's degree in Computer Science, Information Technology, Cyber Security, or a related field.
- Minimum 2–5 years of experience in Penetration Testing, Ethical Hacking, or Cyber Security.
- Strong understanding of network security, operating systems (Windows/Linux), TCP/IP, DNS, HTTP/HTTPS, and common network protocols.
- Hands-on experience performing Web Application, API, Mobile Application, Network, and Infrastructure Penetration Testing.
- Strong knowledge of the OWASP Top 10, OWASP Testing Guide, MITRE ATT&CK, NIST, and PTES methodologies.
- Experience with penetration testing tools such as Burp Suite, Metasploit, Nmap, Nessus, Nikto, Wireshark, SQLmap, Hydra, Gobuster, ffuf, and other security assessment tools.
- Familiarity with scripting or programming languages such as Python, Bash, PowerShell, JavaScript, or Go is an advantage.
- Experience testing cloud environments (AWS, Azure, or GCP) is a plus.
- Knowledge of Active Directory security, privilege escalation, and post-exploitation techniques is preferred.
- Strong analytical, problem-solving, and report writing skills.
- Excellent communication skills and the ability to present technical findings to both technical and non-technical stakeholders.
- Relevant certifications such as CEH, eJPT, PNPT, OSCP, GPEN, CRTO, or equivalent are highly preferred.

