Role Overview

We are seeking an Associate Penetration Tester to join our cybersecurity team. The successful candidate will play a critical role in ensuring the security and integrity of CMA CGM's IT infrastructure by identifying vulnerabilities and mitigating risks. This role offers an opportunity to grow in a dynamic and innovative environment while working on real-world challenges within the shipping and logistics sector.

Key Responsibilities

• Conduct penetration tests on web applications, networks, systems, and cloud environments to identify vulnerabilities.
• Perform vulnerability assessments and threat analysis to support risk mitigation.
• Document findings with detailed reports, including risk assessments and recommendations for remediation.
• Collaborate with IT teams to validate and ensure the timely resolution of identified vulnerabilities.
• Participate in Red Team/Blue Team exercises to enhance overall organizational security.
• Research and stay updated on the latest cybersecurity threats, attack vectors, and industry best practices.
• Assist in developing and maintaining security tools, scripts, and automation to streamline testing processes.
• Provide input to improve CMA CGM’s security policies, standards, and procedures.

Required Qualifications

• Bachelor’s degree in Computer Science, Information Security, or a related field.
• 1–3 years of experience in penetration testing or a related cybersecurity role.
• Proficiency in common penetration testing tools (e.g., Burp Suite, Metasploit, Nmap, Wireshark, Nessus, etc.).
• Familiarity with security frameworks and standards (e.g., OWASP, MITRE ATT&CK, ISO 27001).
• Solid understanding of networking protocols, web application security, and system architecture.
• Hands-on experience with scripting languages such as Python, PowerShell, or Bash.
• Strong analytical and problem-solving skills.
• Excellent communication skills, with the ability to articulate technical issues to non-technical stakeholders.

Preferred Qualifications

• Industry certifications such as CEH, OSCP, eCPPT, or CompTIA Pentest+.
• Experience with cloud security (AWS, Azure, GCP).
• Knowledge of secure coding practices and DevSecOps principles.
• Understanding of regulatory requirements such as GDPR or ISO 27001 compliance.