Job Specifications
COSMOTE Global Solutions, part of the OTE Group of Companies, is a leading provider of ICT Solutions and Services, specializing in various areas such as Cloud, Data Centre operations, Networking, Cybersecurity, and more.
As an Expert in Secure Development, you will play a critical role in enhancing the security of our software development processes, ensuring that all applications are built with a strong security posture.
Responsibilities:
Perform a white-box penetration test of the AFIS application, using full access to source code, documentation, system configuration, and user accounts with varying privilege levels.
Design and execute authenticated attack scenarios for multiple predefined user roles, focusing on privilege escalation, horizontal access abuse, and misuse of authenticated functionalities.
Apply a structured penetration testing methodology, based on PTES (Penetration Testing Execution Standard) or an equivalent industry-accepted approach, ensuring completeness and repeatability of the test process
Conduct all tests in alignment with the OWASP Testing Checklist, covering the required categories such as authentication, authorization, session management, input validation, error handling, and business logic testing.
Analyse identified vulnerabilities, exploitation paths, and systemic weaknesses, and evaluate their impact, likelihood, and relevance to the AFIS security posture.
Document all findings in a comprehensive PDF report, including technical descriptions, reproduction steps, risk severity ratings, affected components, and recommended remediation actions.
Register all discovered defects as bugs in the AFIS Ticketing platform, using the agreed-upon template and severity classification, ensuring traceability to the penetration test results.
Provide guidance to the AFIS team on remediation approaches, mitigation strategies, and secure alternatives for high-risk issues
Participate in review or clarification meetings, on request, to walk through findings, exploitation steps, and recommended fixes with stakeholders
Requirements
Master's Degree on It or a related field
Minimum 8 years of experience in offensive security testing of Web Applications and Infrastructure technologies on a relevant technology stack (Java, Linux, Oracle/Postgres)
Deep understanding of penetration testing methodologies such as PTES, OWASP Testing Guide, NIST SP 800-115, and ISSAF
Extensive knowledge of OWASP Top 10, OWASP ASVS, CWE, and common vulnerability classes
Familiarity with modern application architectures (web, API, client-server, microservices)
Knowledge of secure software development practices and common coding pitfalls.
Understanding of authentication and authorization models, including role-based access control, session management, and token-based authentication.
Knowledge of network protocols, encryption, TLS, certificates, and secure communication patterns.
Strong understanding of application data flows, business logic, and trust boundaries.
Expertise in exploit development concepts, payload crafting, and evasion techniques (where applicable in a white-box context).
Knowledge of logging and monitoring mechanisms, audit trails, and security-relevant events
Understanding of the AFIS application architecture (once documentation is provided).
Familiarity with the programming languages, frameworks, and libraries used in the AFIS code base (Java, Spring Boot, React, Python).
Knowledge of identity and access management technologies affecting authenticated scenarios.
Experience with issue tracking platforms, specifically Gitlab, for accurate defect reporting.
Understanding of the AFIS application architecture (once documentation is provided).
Familiarity with the programming languages, frameworks, and libraries used in the AFIS code base.
Knowledge of identity and access management technologies affecting authenticated scenarios.
Experience with issue tracking platforms, specifically Jira, for accurate defect reporting
Ability to perform white-box testing, including code-assisted analysis and configuration review.
Expertise in authenticated testing, including session manipulation, impersonation, and privilege escalation attempts
Ability to identify security flaws in business logic, not just technical layers
Skills in dynamic analysis, static analysis, and manual testing techniques.
Proficiency in using penetration testing tools, such as:
Burp Suite Pro
OWASP ZAP
Postman / API testing tools
Browser DevTools
Source code review tools (static analyzers when available)
Ability to create and execute realistic attack chains based on combined vulnerabilities
Ability to understand, speak and write French (C2); Dutch (B1) will be an advantage
Mandatory Certifications:
Offensive Security Certified Professional (OSCP)
About the Company
COSMOTE Global Solutions, as a member of OTE Group of Companies, is an ICT Systems Integrator delivering a broad range of ICT Solutions and Services. CGS provides a broad range of ICT Services focusing on: Cloud, Data Centre operations, Networking, Cybersecurity, BI and Data Warehouse, Big Data, Service Desk, Proactive Monitoring, Operations and Support, Service Management, Project and Programme Management, and Professional Services. OTE Group: OTE Group is the largest technology provider in Greece. It is one of the top thre...
Know more