├── Application_Penetration_Tester.md
├── Application_Security_Expert.md
├── Automation_Engineer.md
├── Blue-Team_Member.md
├── Bug_Bounty_Hunter.md
├── Chief_Information_Security_Officer.md
├── Chief_Security_Officer.md
├── CloudSecurity_Engineer.md
├── Cyber_Intelligence_Specialist.md
├── Cyber_Operation_Systems_Research_Engineer.md
├── Cyber_Threat_Analyst.md
├── DataSecurity_Engineer.md
├── Data_Privacy_Officer.md
├── DevSecOps_Engineer.md
├── Digital_Forensic_Analyst.md
├── Exploit_Developer.md
├── Incident_Responder.md
├── Information_Security_Analyst.md
├── LICENSE
├── Malware_Analyst.md
├── Mobile_Application_Security.md
├── Mobile_Penetration_Tester.md
├── NetworkSecurity_Engineer.md
├── Network_Penetration_Tester.md
├── README.md
├── Red-Team-Member.md
├── SCADA_Security_Specialist.md
├── Security_Engineer(Hardware).md
├── Security_Engineer(Software).md
├── Security_Operation_Center.md
├── Security_Researcher.md
├── Source_Code_Auditor.md
├── TODO
├── Threat_Hunter.md
├── Web_Penetration_Tester.md
├── allv1.png
└── network_attacks_dataset.csv

/Application_Penetration_Tester.md:
--------------------------------------------------------------------------------
# Summary
A penetration test, colloquially known as a pen test, pentest or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system. Not to be confused with a vulnerability assessment.

# Baseline

* Knowledge of some programming language
* Knowledge of some application architecture

# Hard Skills
* Experience performing whitebox application penetration testing (Web, APIs, Mobile, Thick clients); or ability to demonstrate equivalent knowledge

* Excellent skills with application security testing tools such as: Burp Suite, OWASP ZAP, SQLMap, IDA Pro, Kali, etc.
* Experience performing manual application source code security reviews for various languages such as: Java, .Net (C#, VB#), C++

* Experience with UNIX or Linux.

* Experience with scripting languages such as: Python, bash, PowerShell, etc.

* Knowledge of containers and cloud technologies

# Soft Skills
* Self-motivated and a self-starter. If you have a question, be pro-active in finding the answer and communicate your learnings with teammates
* Have a passion for application security, willingness to continue growing your skills in this domain, and be able to share your passion and learnings with teammates

# Education
* Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering or equivalent experience

# Certification
* CEH
* OSCP
* EWPT
* EWPTX
* EMAPT

# Job Salary

## Asia
$30K <= $59K <= $115K

## Africa
$39K <= $54K <= $59K

## North America
$104K <= $120K <= $138K

## South America
$72K <= $96K <= $132K

## Europe
£45,624 <= £69,999 <= £82,499

## Oceania
AU$58K <= AU$83,990 <= AU$120K

# Interview Questions
* https://www.synopsys.com/blogs/software-security/web-appsec-interview-questions/
* https://www.guru99.com/mobile-testing-interview-questions.html
* https://compsecurityconcepts.wordpress.com/2016/02/19/network-penetration-testing-interview-questions-answers/

# Training Resources
* https://start.me/p/PwmnBd/web
* https://start.me/p/OmxRqE/mobile
* https://start.me/p/X2K4oB/network

--------------------------------------------------------------------------------
/Application_Security_Expert.md:
--------------------------------------------------------------------------------
# Summary
As a member of
our Infrastructure & Information Security pod, you will support our cloud infrastructure by developing tools, building services, and providing consultative services to our engineering teams. You will be a key part in safeguarding our creators who entrust Teachable with their content every day. You’ll plan and carry out security measures to monitor and protect sensitive data and systems from infiltration and cyber-attacks.

# Baseline

* Knowledge of framework architecture

# Hard Skills
* Familiarity with MITRE's ATT&CK Framework
* Leading or conducting Adversary Emulations
* Familiarity with industry Adversary Emulation Frameworks like CBEST, iCAST, GFMA
* Leading or conducting Purple Team Testing
* Participation in Cyber Tiger Team operations
* Conducting Vulnerability Assessments and Penetration Testing (application and/or infrastructure) and articulating security issues to technical and non-technical audiences
* Identifying, researching, validating, and exploiting various different, known, and unknown security vulnerabilities on the server and client side
* Reporting information security vulnerabilities to businesses and senior management
* Providing support in remediation efforts
* Web application infrastructure, e.g. Application Servers, Web Servers, Databases
* Experience with automation of security testing as part of a CI/CD pipeline
* Web development and programming languages, e.g. Python, Perl, Ruby, Java, .Net
* Develop and implement secure software development lifecycle (SSDLC)
* Experience with any of the application security tools such as Checkmarx, Sonatype, OWASP ZAP, Portswigger Burp, IBM AppScan, HP WebInspect, or Acunetix.
* Experience in Cloud security including AWS.

# Soft Skills
* Continuous learning on the job
* You want to build things, not just break them

# Education
* Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering or equivalent experience

# Certification
* CSSLP

# Job Salary

## Asia
$41K <= $60K <= $84K

## Africa
$39K <= $54K <= $59K

## North America
$73K <= $100K <= $130K

## South America
$55K <= $87K <= $132K

## Europe
£30K <= £48K <= £120K

## Oceania
AU$56K <= AU$90K <= AU$145K

# Interview Questions
* https://ishaqmohammed.me/posts/application-security-engineer-interview-questions/
* https://www.wisdomjobs.com/e-university/application-security-interview-questions.html

# Training Resources
*

--------------------------------------------------------------------------------
/Automation_Engineer.md:
--------------------------------------------------------------------------------
# Summary
A Security Automation Engineer is required to design and implement automation workflows to enhance incident response, threat hunting, fraud, and insider risk management, as well as vulnerability management processes. The role involves developing custom API integrations to improve SOAR (Security Orchestration, Automation, and Response) capabilities and scripting automation solutions to detect and prevent cyber threats. You will collaborate with security teams to tune solutions, administer SOAR platforms, and identify automation opportunities in cybersecurity processes.

# Baseline
* 5+ years of experience in Cyber Security, Incident Response, Information Security, or related fields
* Strong coding/scripting experience, especially in Python or similar languages
* Hands-on experience with SIEM platforms, firewalls, IPS/IDS, and endpoint security solutions
* Familiarity with threat intelligence platforms (TIP) and integrating IOCs into workflows
* Experience with Windows, Linux, and Apple environments

# Hard Skills
* Advanced experience in scripting and automation, with Python, Bash, or PowerShell
* Expertise in SOAR platform administration, with a focus on content release management
* Strong troubleshooting skills for tools such as Wireshark, forensic tools, and log analysis
* Familiarity with API integrations for firewalls, SIEM, and TIP platforms
* Advanced knowledge of incident response methodologies, threat hunting, and vulnerability management
* Experience with security monitoring tools and techniques, including threat detection and prevention mechanisms
* Knowledge of common security threats and vulnerabilities, as well as hands-on experience in mitigating them

# Soft Skills
* Excellent analytical and problem-solving skills
* Strong communication skills, both written and verbal, with the ability to collaborate with cross-functional teams
* Ability to mentor peers and security analysts in automation and incident response processes

# Education
* Bachelor's degree in Computer Science, Information Systems, or a related field

# Certification
* GIAC Security Automation Engineer (GCSA)
* Certified Information Systems Security Professional (CISSP)
* CompTIA Cybersecurity Analyst (CySA+)

# Job Salary

## Asia
$50K <= $70K <= $85K

## Africa
$30K <= $45K <= $60K

## North America
$80K <= $120K <= $160K

## South America
$35K <= $55K <=
$70K

## Europe
€55K <= €70K <= €90K

## Oceania
AU$75K <= AU$100K <= AU$135K

# Interview Questions
* What is your approach to automating threat detection workflows?
* How do you ensure that security automation tools are effectively integrated into a SOAR platform?
* Describe a situation where you identified and implemented an automation opportunity that improved security processes.
* What programming languages do you use to write automation scripts, and how have they helped in security operations?

# Training Resources
* https://www.coursera.org/learn/automating-real-world-tasks-with-python
* https://www.udemy.com/course/security-automation-and-orchestration/

--------------------------------------------------------------------------------
/Blue-Team_Member.md:
--------------------------------------------------------------------------------
# Summary
The ideal team member will have extensive experience in more than one of the following security testing domains: Network/Application, Web Application, Mobile Application, and Operating System. This candidate must be driven, a stellar communicator, enthusiastic and have the desire to stay ahead of today’s emerging threats and actor techniques.

# Baseline

*

# Hard Skills
* Minimum 2 years of Cyber Security experience
* Perform technical duties in support of the in-house Information Systems Security program
* Participate in the selection, evaluation, implementation, and security of network infrastructure and support systems/applications.
* Builds system security assessments of network infrastructure and support systems
* Analyses potential cyber threats to the infrastructure, able to support customer meetings to discuss vulnerabilities to the network
* Provide technical support and response to security requests from the local Cyber Security Service Provider (CSSP)
* Provide technical support for responding to and implementing mitigation(s) across the networks and support systems, in support of Red/Blue Team assessments and other inspections
* Provide technical guidance on best practices and assist network engineers in the development of User Guides, Standard Operating Procedures, and Policies.
* Perform other duties as assigned in support of security functions
* Solid understanding of current technology trends, security best practices, and cyber security threats
* Ability to troubleshoot issues and work with engineers/vendors to resolve issues with security configurations

# Soft Skills
* Self-starter with a willingness to learn about a variety of security concepts
* Strong customer service orientation with the ability to build effective relationships

# Education
* Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering or equivalent experience

# Certification
* SEC505
* SEC506
* SEC566

# Job Salary

## Asia
$28K <= $51K <= $122K

## Africa
$24K <= $54K <= $118K

## North America
$104K <= $120K <= $138K

## South America
$41K <= $105K <= $126K

## Europe
£50K <= £75K <= £125K

## Oceania
AU$54K <= AU$100K <= AU$120K

# Interview Questions
* https://www.reddit.com/r/AskNetsec/comments/553kvx/interview_questions_red_team_thinking_vs_blue/

# Training Resources
*

--------------------------------------------------------------------------------
/Bug_Bounty_Hunter.md:
--------------------------------------------------------------------------------
# Summary
A bug bounty hunter is an individual who knows the nuts and bolts of cybersecurity and is well familiar with finding bugs or flaws. Simply put, a bug bounty hunter tests applications and platforms and looks for bugs that sometimes even the in-house development team fails to spot. Once spotting a bug, these professionals inform the company (or the concerned body behind the application or the platform) about the bug and in return, they get paid. The benefits are not always monetary.

# Baseline

*

# Hard Skills
* Expertise in all aspects of security disciplines: Information security, software development, vulnerability assessments, threat analysis, incident response, threat modeling, security intelligence and forensic investigations.
* Experience with Windows operating systems and security (boot process, subsystems, kernel- and user-level processes, networking, Active Directory, NTFS/NTFS security), Ubuntu, Kali Linux in addition to:
* Proficient with common attack tools (Immunity CANVAS, Burp, SET, Metasploit, Nmap, Nessus) and defensive tools (Snort Intrusion Detection System (IDS)/Intrusion Prevention System (IPS), tcpdump, Wireshark, Security Onion IDS Linux Distribution)
* Expertise in testing web applications for common web application security vulnerabilities including input validation vulnerabilities, broken access controls, session management vulnerabilities, cross-site scripting issues, SQL injection and web server configuration issues.
* Research and remain up to date with emerging threats and adversary emulation methodologies.

# Soft Skills
* Excellent presentation and communications skills to effectively communicate with the program manager.
* Ability to clearly articulate complex concepts (both written and verbally).

# Education
*

# Certification
*

# Job Salary
$0K <= $0K <= $∞K

# Interview Questions
*

# Training Resources
* nahamsec.com

--------------------------------------------------------------------------------
/Chief_Information_Security_Officer.md:
--------------------------------------------------------------------------------
# Summary
The CISO will serve as the process owner of all assurance activities related to the availability, integrity, and confidentiality of business partner, employee, and business applications in compliance with the Company information security policies.

# Baseline

*

# Hard Skills
* Develop, implement and monitor strategic security risk programs
* Review and improve the company's cloud network, IT architecture, data, and application security
* Integrate and operate security solutions and tools
* Coordinate penetration tests and bug bounty efforts
* Cooperate with the IT, Operations, and Legal teams on security-related issues, including compliance and internal security
* Serve as a hub of knowledge for developers, infrastructure engineers, operations staff, and security engineers.
* Initiate and own needle-moving projects, like adding new security features to the company's products
* Improve Company security resilience (data, people, technology, and services)
* Lead employee security awareness through educational campaigns
* Approve identity and access policies
* Familiarity with the following regulations and certifications: SOC2, GDPR, IEC, COBIT, ITIL, ISO 27001

# Soft Skills
* Carry out information security awareness, training and educational activities
* Oversee the investigation and prompt response to reported security incidents

# Education
* Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering or equivalent experience

# Certification
* CISM
* CISSP

# Job Salary

## Asia
$90K <= $202K <= $350K

## Africa
$62K <= $97K <= $119K

## North America
$103K <= $172K <= $247K

## South America
$51K <= $75K <= $93K

## Europe
£69,624 <= £86,999 <= £155,499

## Oceania
AU$88K <= AU$126,990 <= AU$189K

# Interview Questions
* https://securityboulevard.com/2018/12/top-30-chief-information-security-officer-ciso-interview-questions-and-answers-for-2018/

# Training Resources
*

--------------------------------------------------------------------------------
/Chief_Security_Officer.md:
--------------------------------------------------------------------------------
# Summary

Most Senior Executive accountable for Security

# Baseline

*

# Hard Skills
* In-depth knowledge of Security disciplines: Government Security Inspection/Compliance, classified Information Systems (Information Assurance), Program Protection, Physical/Technical Security, Insider Threat, Counterintelligence, Investigations,
Personnel Clearances, Operations Security (OPSEC), Security Awareness, Training and Education (SATE)
* Develop, implement and oversee compliance with Security policies and programs supporting DOD, Intelligence Community and other Customers. In-depth understanding of ICDs, NISPOM and SAP policy.
* Actively interface with Government and Industry Senior Security Leaders
* Value-added role requiring Security to be a part of the competitive advantage for the Company
* Implement new Customer security requirements into the Team and Company
* Develop, implement and monitor progress toward company goals
* Plan and execute Office of Security budget
* Review Security on a continuing basis for enhancements and improvements through an effective self-assessment program
* Lead the Team and manage performance, delegate tasks
* Develop metrics for Executive Leadership and Customers for clearances, secure facilities, systems, staffing, etc.
* Standardize security practices across the company
* Excellent communications and public speaking ability
* Must be able to clearly articulate security issues, recommendations, changes, implementation, etc. to technical experts, executive leadership, customers and employees
* Capable of forging strong relationships, communication and Team approach with other Departments and Executive Leadership
* Must be able to look at Security strategically and integrate it into future company plans.
Includes resources, and financial impacts
* Must be able to prioritize tasks and handle multiple assignments concurrently
* Problem solving with unique solutions to meet company and customer requirements
* Possess initiative, self-starter who can operate independently
* Possess both technical and functional skills in multiple facets of security
* Understanding of information technology and information security
* Knowledge of risk management principles

# Soft Skills
* Excellent communications and public speaking ability
* Demonstrated Leadership and managing large teams
* Participation in Customer and other working groups and forums supporting Security

# Education
* Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering or equivalent experience

# Certification
* CISM
* CISSP

# Job Salary

## Asia
$207K <= $296K <= $341K

## Africa
$125K <= $153K <= $272K

## North America
$64K <= $158K <= $257K

## South America
$109K <= $187K <= $267K

## Europe
£86K <= £117K <= £128K

## Oceania
AU$109K <= AU$152K <= AU$182K

# Interview Questions
* https://securityboulevard.com/2018/12/top-30-chief-information-security-officer-ciso-interview-questions-and-answers-for-2018/

# Training Resources
*

--------------------------------------------------------------------------------
/CloudSecurity_Engineer.md:
--------------------------------------------------------------------------------

# Summary

Cloud Security Engineer required by a fast-growing cloud services company to work with cloud infrastructure spanning AWS, Google Cloud (GCP), and OpenStack environments.
You will be responsible for securing the cloud infrastructure by implementing best practices and vulnerability prevention strategies. Your duties will include securing containerized applications in Docker and Kubernetes, ensuring secure deployment processes, performing regular cloud security audits, and working closely with development and operations teams to monitor and mitigate security risks. You will also handle the automation of security processes, integrate security tools, and ensure compliance with industry standards such as PCI DSS and GDPR.

# Baseline

- Expertise in AWS, GCP, and OpenStack environments
- Familiarity with containerization technologies (Docker, Kubernetes)
- Strong understanding of cloud security policies and regulatory compliance
- Experience implementing security for CI/CD pipelines
- Ability to identify and mitigate vulnerabilities in cloud-native applications

# Hard Skills

- In-depth hands-on experience with AWS services such as IAM, EC2, S3, RDS, VPC, Lambda, and KMS
- Knowledge of Google Cloud services including Google Identity Platform, Cloud IAM, Cloud Run, GCR (Google Container Registry), Stackdriver, and Cloud Security Scanner
- Experience working with OpenStack environments, configuring and securing its components
- Docker and Kubernetes security practices, including the use of Pod Security Policies, RBAC (Role-Based Access Control), and network policies
- Proficiency in Infrastructure-as-Code tools like Terraform and Ansible for automating security configurations
- Scripting knowledge in Python, Bash, or Go to automate security checks and audits
- Familiarity with vulnerability scanning tools (e.g., Clair for container images) and runtime protection tools like Falco
- Expertise in implementing firewalls, WAF (Web Application Firewalls), IDS/IPS, and monitoring tools for cloud security

# Soft Skills

- Ability to
communicate complex security concepts to non-technical stakeholders
- Strong troubleshooting and incident response skills in high-pressure environments
- Collaboration with cross-functional teams (DevOps, engineering, operations) to integrate security into development workflows
- Continuous learning and adapting to evolving cloud security threats and solutions

# Education

- Bachelor's degree in Information Security, Computer Science, or related field

# Certification

- AWS Certified Security – Specialty
- Google Professional Cloud Security Engineer
- Certified Kubernetes Security Specialist (CKS)
- Certified OpenStack Administrator (COA)

# Job Salary

## Asia

$55K <= $70K <= $85K

## Africa

$30K <= $40K <= $55K

## North America

$85K <= $120K <= $160K

## South America

$35K <= $50K <= $65K

## Europe

£55,000 <= £70,000 <= £90,000

## Oceania

AU$70K <= AU$95K <= AU$125K

# Interview Questions

- How do you implement security in a cloud-native architecture with multiple services like AWS, GCP, and OpenStack?
- How do you secure containerized environments such as Docker and Kubernetes in the cloud?
- Describe how you automate security monitoring and compliance in a CI/CD pipeline.
- How do you handle identity and access management (IAM) across multiple cloud providers?

# Training Resources

- [AWS Certified Security – Specialty Exam Guide](https://aws.amazon.com/certification/certified-security-specialty/)
- Google Professional Cloud Security Engineer Study Guide
- Certified Kubernetes Security Specialist (CKS) Preparation

--------------------------------------------------------------------------------
/Cyber_Intelligence_Specialist.md:
--------------------------------------------------------------------------------
# Summary
The Cyber Threat and Intelligence Analyst will support the customer's overall cyber threat analysis efforts. Researches, analyzes, writes, edits, and proofreads technical data for use in documents such as cybersecurity intelligence bulletins, alerts, and briefings. Attends meetings such as those that determine workflow, requirements, and other required documentation as part of contract deliverables. Ensures documentation is accurate, complete, meets editorial and government specifications, and adheres to standards for quality, graphics, coverage, format, and style. Participates in establishing style guidelines and standards for text and illustrations. Contributes to development, writing, and reviewing of SOPs.

# Baseline

*

# Hard Skills
* Working as an expert, conduct research and evaluate technical and all-source intelligence with specific emphasis on network operations and cyber warfare tactics, techniques, and procedures focused on the threat to networked weapons platforms and US and DoD information networks.
* Analyzes network events to determine the impact on current operations and conduct all-source research to determine advisory capability and intent.
* Prepares assessments and cyber threat profiles of current events based on the sophisticated collection, research and analysis of classified and open source information. Correlates threat data from various sources.
* Develops and maintains analytical procedures to meet changing requirements and ensure maximum operations.
* Understanding of adversarial TTPs
* Understanding of threat actor infrastructure
* Experience using technical information to bolster intelligence analysis
* Ability to draft, modify and create SOPs for use by other team members
* Experience working with open source and social media data platforms to evaluate publicly available information for suspicious or malicious activities
* Demonstrated expertise in deploying and maintaining tools to facilitate the flow of intelligence analysis and reports.
* Experience with All Source production and knowledge of cyber/technical intelligence
* Experience writing contract deliverables such as Event Bulletins, Cyber Digests, and Quarterly Summary Report

# Soft Skills
* Excellent written and verbal communication skills.
* Handles multiple competing priorities in a fast-paced, deadline-driven environment.
* Demonstrated ability to deal with ambiguity in a rapidly changing business environment.
* Ability to exercise sound judgement, problem solve, and make decisions in complex situations.
* Proven ability to take ownership, self-motivate, and deliver results in highly ambiguous environments.

# Education
* Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering or equivalent experience

# Certification
* SEC555
* FOR578

# Job Salary

## Asia
$56K <= $96K <= $108K

## Africa
$48K <= $76K <= $102K

## North America
$61K <= $84K <= $129K

## South America
$72K <= $96K <= $132K

## Europe
£45,624 <= £69,999 <= £82,499

## Oceania
AU$53K <= AU$92,990 <= AU$140K

# Interview Questions
* https://insights.dice.com/2020/04/22/cybersecurity-analyst-interview-questions-4-prep-considerations/

# Training Resources
*

--------------------------------------------------------------------------------
/Cyber_Operation_Systems_Research_Engineer.md:
--------------------------------------------------------------------------------
# Summary
Research, build and design revolutionary technology, and strongly support individual growth through training, attending conferences, and publishing results.

# Baseline

*

# Hard Skills
* Knowledge of a variety of Machine Learning disciplines to include Neural Networks, Bayesian Inference, and Symbolic learning
* Knowledge of Social Network Analysis, Topology Analysis, or Advanced Statistics
* Knowledge of Network Forensics or Network Geolocation
* Designs and develops new systems, applications, and solutions for external customer's emerging technology and architecture including control systems and mobile technology, cyber systems and networks
* Conceives and develops hypotheses, new methods, techniques, or approaches to address critical cyber security technical problems
* May interface as a cyber security domain expert with external entities including law enforcement, intelligence, and other government organizations and agencies; leader and/or key contributor of technical initiatives, teams, and projects
* Play a critical role in solving some of the most challenging problems facing the nation's intelligence community.
* Be challenged to identify the risks and vulnerabilities of advanced Cyber algorithms.
* Develop countermeasures to mitigate the vulnerabilities using a variety of advanced techniques that include Artificial Intelligence, Game Theory, Topology, and Advanced Statistics.
* Implement countermeasures as prototype modules for evaluation and refinement and collaborate with Government and Industry Cyber professionals.
* 15+ years of overall experience in Research, Applied Mathematics, Data Science, Algorithm Development, Network Analysis, or Cyber
* Minimum 5 years of experience in Cyber techniques
* Minimum 5 years of experience with algorithm code development in languages such as MATLAB, Python, Java, C++ or other high-level languages

# Soft Skills
* The ability to learn quickly and an understanding of technical systems

# Education
* PhD degree in Computer Science, Physics, Applied Mathematics, Engineering, or a related field preferred

# Certification
*

# Job Salary

## Asia
$48K <= $59K <= $84K

## Africa
$34K <= $41K <= $79K

## North America
$54K <= $74K <= $105K

## South America
$44K <= $81K <= $92K

## Europe
£48,624 <= £51,999 <= £64,499

## Oceania
AU$88K <= AU$109,990 <= AU$134K

# Interview Questions
*

# Training Resources
*

--------------------------------------------------------------------------------
/Cyber_Threat_Analyst.md:
--------------------------------------------------------------------------------
# Summary
This role will be responsible for providing architectural and operational support to the corporate Identity and Access Management program in collaboration with other IT teams as well as hands-on administration of the enterprise Privileged Identity Management (PIM) platform, ensuring the organization meets its business objectives while ensuring appropriate security controls are present.
This role is a technical, hands-on role, and the successful candidate will support the SME for PIM strategy in the organization. Experience with Microsoft ESAE architecture preferred.
4 | 5 | # Baseline 6 | 7 | * 8 | 9 | 10 | # Hard Skills 11 | * Develop intelligence products and perform expansive cyberspace intelligence analyst duties 12 | * Experience with DomainTools, Maltego, Security Incident Event Management, Host Based Security System (HBSS), Firewall, Bro IDS, and Snort 13 | * Experience with Cyber Security in a Joint and Coalition Partner environment 14 | * Possess a thorough understanding of intelligence analytic concepts to monitor, assess, defend and report on cyberspace operations, capabilities, and vulnerabilities 15 | * Develop reports and briefings 16 | * Track and report Cyber Security threats, events and incidents. 17 | * Apply a wide range of intelligence analytic skills to monitor, assess, and report on cyberspace operations, capabilities, vulnerabilities, and personalities that could pose a threat to US computers, communications, weapon systems, and operations 18 | * Review current intelligence for relevant threats and develop appropriate actions/response. 19 | * Analyze vulnerabilities with known exploits that do not have vendor-provided mitigation or remediation action 20 | * Conduct real-time threat analysis for USCENTCOM Headquarters through multiple situational awareness and management tools.
21 | * Conduct research that focuses on rapidly emerging cyber threats and cyber adversary Tactics, Techniques, and Procedures (TTPs) 22 | 23 | 24 | # Soft Skills 25 | * The ability to learn quickly and an understanding of technical systems 26 | 27 | 28 | # Education 29 | * Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering or equivalent experience 30 | 31 | 32 | # Certification 33 | * SEC460 34 | * SEC599 35 | * FOR508 36 | * FOR578 37 | 38 | 39 | # Job Salary 40 | 41 | ## Asia 42 | $48K <= $59K <= $71K 43 | 44 | 45 | ## Africa 46 | $32K <= $41K <= $65K 47 | 48 | 49 | ## North America 50 | $53K <= $34K <= $116K 51 | 52 | 53 | ## South America 54 | $34K <= $44K <= $89K 55 | 56 | 57 | ## Europe 58 | £39,624 <= £54,999 <= £66,499 59 | 60 | 61 | ## Oceania 62 | AU$53K <= AU$92,990 <= AU$105K 63 | 64 | 65 | # Interview Questions 66 | * https://insights.dice.com/2020/04/22/cybersecurity-analyst-interview-questions-4-prep-considerations/ 67 | 68 | 69 | # Training Resources 70 | * 71 | 72 | 73 | 74 | -------------------------------------------------------------------------------- /DataSecurity_Engineer.md: -------------------------------------------------------------------------------- 1 | # Summary 2 | 3 | The **Data Security Engineer** role involves ensuring the security of big data environments by applying AI and big data analytics techniques to identify, mitigate, and prevent security vulnerabilities. The engineer is tasked with securing data pipelines, implementing robust encryption, managing access control, and ensuring that the data science and AI models within an organization are not compromised. They work closely with data science teams to secure sensitive data from both external threats (e.g., hackers) and internal threats (e.g., mismanagement or data leaks), ensuring the integrity and reliability of business-critical data. 4 | 5 | # Baseline 6 | 7 | - Deep knowledge of AI, big data systems, and security protocols. 
8 | - Experience in securing large-scale data environments, including cloud-based and on-premises systems. 9 | - Familiarity with the latest trends and tools in data security and AI-driven vulnerability detection. 10 | 11 | # Hard Skills 12 | 13 | - Strong experience with big data frameworks such as Hadoop, Spark, and NoSQL databases (e.g., MongoDB). 14 | - Expertise in machine learning and AI for identifying security vulnerabilities, including anomaly detection techniques. 15 | - Hands-on experience with data encryption techniques, role-based access control (RBAC), and multi-factor authentication (MFA). 16 | - Proficiency in using big data security tools such as Apache Ranger, Knox, and Sentry for securing large datasets. 17 | - Understanding of data privacy regulations (GDPR, CCPA) and how they affect AI and big data systems. 18 | - Familiarity with cloud security, particularly in platforms such as AWS, Google Cloud, and Azure, with tools like GuardDuty, KMS, and IAM for securing data pipelines. 19 | 20 | # Soft Skills 21 | 22 | - Excellent problem-solving skills and ability to work with large cross-functional teams, including data scientists and AI engineers. 23 | - Strong communication skills to relay complex security measures to non-technical teams. 24 | - Proactive attitude in keeping up with the evolving nature of AI and big data security threats. 25 | 26 | # Education 27 | 28 | - Bachelor's degree in Computer Science, Cybersecurity, or related fields. 29 | - Advanced certifications in data security or AI (optional, but beneficial). 
30 | 31 | # Certification 32 | 33 | - CISSP (Certified Information Systems Security Professional) 34 | - CCSK (Certificate of Cloud Security Knowledge) 35 | - CEH (Certified Ethical Hacker) 36 | 37 | # Job Salary 38 | 39 | ## Asia 40 | 41 | $50K <= $72K <= $95K 42 | 43 | ## Africa 44 | 45 | $35K <= $45K <= $60K 46 | 47 | ## North America 48 | 49 | $85K <= $130K <= $180K 50 | 51 | ## South America 52 | 53 | $40K <= $55K <= $75K 54 | 55 | ## Europe 56 | 57 | £65,000 <= £75,000 <= £100,000 58 | 59 | ## Oceania 60 | 61 | AU$70K <= AU$100K <= AU$140K 62 | 63 | # Interview Questions 64 | 65 | - How would you secure a big data pipeline end-to-end using AI-driven security tools? 66 | - Can you explain a recent vulnerability you identified in a machine learning model, and how you mitigated it? 67 | - What challenges do you foresee in securing AI-based systems, and how would you address them? 68 | 69 | # Training Resources 70 | 71 | - Big Data Security: Best Practices 72 | - [Emerging Trends in AI and Big Data Security](https://link.springer.com)​ 73 | -------------------------------------------------------------------------------- /Data_Privacy_Officer.md: -------------------------------------------------------------------------------- 1 | # Summary 2 | We’re looking for an open-minded individual with a genuine love of data protection, who can think innovatively and see the opportunity here for both career and personal development working for a high-growth company. Reporting day-to-day into our Group General Counsel, this individual will work alongside internal stakeholders (e.g. development, operations, sales, and InfoSec) and play a pivotal role in driving our global compliance function – helping to deliver our culture where the protection of data is at the heart of our business. 3 | 4 | # Baseline 5 | 6 | * 7 | 8 | 9 | # Hard Skills 10 | * Leads the Global privacy direction of NTTS. 
11 | * informing and advising NTTS of its obligations under GDPR and other relevant privacy law; 12 | * monitoring compliance with the GDPR, and data protection provisions and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits; 13 | * providing advice where requested as regards the data protection impact assessment and monitoring its performance pursuant to Article 35 of the GDPR; 14 | * acting as the contact point for the supervisory authority on issues relating to processing, including the prior consultation referred to in Article 36 of the GDPR, and consulting, where appropriate, with regard to any other matter; 15 | * Provides development guidance and assists in the identification, implementation, and maintenance of organization information privacy policies and procedures in coordination with organization management and administration, the Executive Leadership Team and legal counsel. 16 | * The PO will be a strategic thought leader and have a proven track record of integrating privacy requirements with business functions. 17 | 18 | 19 | 20 | # Soft Skills 21 | * ethical, pro-active, motivated and responsible, able to remain impartial 22 | * organisational skills enabling the ability to deal with large amounts of information 23 | * excellent verbal and written skills, able to influence 24 | * willingness to learn and seize opportunities 25 | 26 | 27 | # Education 28 | * Bachelor’s degree in Computer Science, Information Management, Business Administration, Information Security, Information Assurance, Information Systems, or other relevant field.
29 | 30 | 31 | 32 | # Certification 33 | * GDRP 34 | * CDO 35 | 36 | 37 | # Job Salary 38 | 39 | 40 | ## Asia 41 | $41K <= $67K <= $96K 42 | 43 | 44 | ## Africa 45 | $12K <= $17K <= $26K 46 | 47 | 48 | ## North America 49 | $33K <= $86K <= $113K 50 | 51 | 52 | ## South America 53 | $71K <= $87K <= $112K 54 | 55 | 56 | ## Europe 57 | £39,624 <= £46,999 <= £74,499 58 | 59 | 60 | ## Oceania 61 | AU$78K <= AU$91,990 <= AU$115K 62 | 63 | 64 | # Interview Questions 65 | * http://www.interviewquestionsaz.info/2013/11/data-protection-officer-interview.html 66 | * https://www.mockquestions.com/company/Data+Protection%2C+Inc./ 67 | 68 | 69 | # Training Resources 70 | * 71 | 72 | 73 | 74 | -------------------------------------------------------------------------------- /DevSecOps_Engineer.md: -------------------------------------------------------------------------------- 1 | # Summary 2 | DevSecOps Engineer required by my client in the financial services arena to work in a brand-new and exciting entity that they are building out. You will be assisting and working on building out the platform whilst maintaining the core infrastructure, complete regular testing and be part of the new IT department for this entity. You will also design and own product development for the technology platform including Broker integrations. Initially you will be the main resource managing the platform. You will be required to build and maintain their CI/CD pipeline. You will also automate all the testing processes and ensure safe deployments to the production environment. You will manage the infrastructure and periodically audit the Infrastructure-as-Code (IaC) setup created initially by a third party supplier. You will configure security policies and manage security components, e.g.
identity management systems (Google Identity Platform and IAM), vulnerability scanning (Google Container Registry), event/threat monitoring (Google Stackdriver) 3 | 4 | # Baseline 5 | 6 | * 7 | 8 | 9 | # Hard Skills 10 | * Very strong in-depth hands-on experience with Amazon Web Services, including EC2, IAM, Load Balancers, S3, RDS, VPC, Lambda, KMS, API Gateway, Elasticsearch, GuardDuty and Inspector 11 | * Experience with Kubernetes, Docker Swarm, Apache Mesos or other Docker orchestration offerings 12 | * Designing, implementing, and supporting service provider (xSP, SaaS, IaaS, PaaS, MBaaS, etc.) environments 13 | * Continuous Integration and Continuous Delivery using Jenkins or similar CI tooling 14 | * Configuration management software (Chef) and Infrastructure-as-code (Terraform) 15 | * Scripting in Python, Bash or similar 16 | * Cisco ASA and virtual appliance experience a plus 17 | * Strong understanding of security solutions or activities such as: IDS/IPS solutions, Web Application Firewall (WAF), Malware and AntiVirus detection and prevention tools, Static, Dynamic and Interactive security assessment solutions, Working knowledge of Penetration Test tooling and external Penetration Test offerings, Implement safeguards for network security including perimeter and lateral movement 18 | 19 | # Soft Skills 20 | * Working in a fast-paced 24/7 operations shop - responding to and identifying potential and active issues and determining a course of action 21 | * Keep up-to-date with current programming tools and practices 22 | 23 | 24 | 25 | # Education 26 | * Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering or equivalent experience 27 | 28 | 29 | # Certification 30 | * SEC540 31 | * DSOE 32 | * CDP 33 | 34 | 35 | # Job Salary 36 | 37 | 38 | ## Asia 39 | $57K <= $65K <= $78K 40 | 41 | 42 | ## Africa 43 | $31K <= $39K <= $53K 44 | 45 | 46 | ## North America 47 | $78K <= $140K <= $205K 48 | 49 | 50 | ## South America 51 | $30K <= 
$46K <= $61K 52 | 53 | 54 | ## Europe 55 | £58,624 <= £62,999 <= £78,499 56 | 57 | 58 | ## Oceania 59 | AU$67K <= AU$91,990 <= AU$126K 60 | 61 | 62 | # Interview Questions 63 | * https://dzone.com/articles/10-devops-interview-questions-to-gauge-a-candidate 64 | * https://www.simplilearn.com/tutorials/devops-tutorial/devops-interview-questions 65 | 66 | 67 | # Training Resources 68 | * 69 | 70 | 71 | -------------------------------------------------------------------------------- /Digital_Forensic_Analyst.md: -------------------------------------------------------------------------------- 1 | # Summary 2 | The Digital Forensics Analyst/Investigator performs a variety of highly technical analyses and procedures dealing with the collection, processing, preservation, analysis, and presentation of computer-related evidence, and is responsible for disseminating and reporting cyber-related activities, conducting vulnerability analyses and risk management of computer systems and recovering information from computers and data storage devices. Proficient in the latest forensic, response, and reverse engineering skills, and astute in the latest exploit methodologies. Use forensic tools and investigative methods to find specific electronic data, including Internet use history, word processing documents, images and other files and information that have been hidden, deleted or lost.
3 | 4 | # Baseline 5 | 6 | * 7 | 8 | 9 | # Hard Skills 10 | * Hands-on working experience with EnCase and/or FTK digital forensics applications 11 | * Experience within SOC/NOC operations 12 | * Experience providing metrics and reports from a SIEM 13 | * Demonstrated expert-level knowledge of Intrusion Detection 14 | * Demonstrated expert-level knowledge of industry standards and best practices within digital forensics 15 | * Experience with researching and fielding new and innovative technology 16 | * Familiarity with Kill Chain for incident response 17 | * Familiarity with malware analysis 18 | * Demonstrates knowledge of the following security related technologies: IPS, IDS, SIEM, firewalls, DNS, encryption, HIDS, NIDS, proxies, Network Packet Analyzers, malware analysis, forensic tools, and enterprise level appliances; 19 | * Demonstrate expert ability to analyze and identify relationships and trends between incidents in the short term and patterns across incidents in the long term and report trend analysis in quarterly and yearly trend analysis reports; 20 | * Demonstrate expert knowledge of encryption algorithms such as IPSEC, AES, etc. 21 | * Demonstrate expert ability to analyze file system implementations such as NTFS, EXT, etc. 22 | * Prior experience leveraging common scripting languages (PowerShell, bash, Python) to parse logs, and automate repeatable tasks 23 | 24 | 25 | 26 | 27 | 28 | # Soft Skills 29 | * Excellent skills and the ability to communicate effectively with various clients with the ability to explain and elaborate on technical details.
30 | 31 | 32 | # Education 33 | * Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering or equivalent experience 34 | 35 | 36 | # Certification 37 | * FOR500 38 | * FOR572 39 | * FOR585 40 | 41 | 42 | # Job Salary 43 | 44 | 45 | ## Asia 46 | $44K <= $54K <= $63K 47 | 48 | 49 | ## Africa 50 | $39K <= $49K <= $51K 51 | 52 | 53 | ## North America 54 | $45K <= $58K <= $79K 55 | 56 | 57 | ## South America 58 | $39K <= $41K <= $71K 59 | 60 | 61 | ## Europe 62 | £31,624 <= £38,999 <= £49,499 63 | 64 | 65 | ## Oceania 66 | AU$58K <= AU$67,990 <= AU$92K 67 | 68 | 69 | # Interview Questions 70 | * https://bitofhex.com/2018/11/07/starting-in-digital-forensics-law-enforcement-edition/ 71 | * https://resources.infosecinstitute.com/category/computerforensics/introduction/computer-forensics-interview-questions/#gref 72 | 73 | 74 | # Training Resources 75 | * 76 | 77 | 78 | 79 | -------------------------------------------------------------------------------- /Exploit_Developer.md: -------------------------------------------------------------------------------- 1 | # Summary 2 | A penetration test, colloquially known as a pen test, pentest or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system. Not to be confused with a vulnerability assessment. 3 | 4 | # Baseline 5 | 6 | * 7 | 8 | 9 | 10 | # Hard Skills 11 | * Strong experience with C, C++, and Assembly (x86, ARM, etc). 12 | * Strong understanding of low-level computer fundamentals, assembly and processor architecture. 13 | * Electronic Skills (soldering, in-circuit debugging). 14 | * Bus and protocol analysis / reverse engineering. 15 | * Hardware / Software reverse engineering. 16 | * Experience with vuln analysis, fuzzing, reverse engineering, and advanced exploitation techniques; hands-on familiarity with tools such as WinDBG, GDB, Wireshark, IDA Pro, Burp Suite, Ghidra, etc. 
17 | * Solid working knowledge of different OS and network structures and protocols; experience with different classes of coding flaws and offensive primitives (e.g. integer/stack/heap overflows, use-after-free bugs, info leaks). 18 | * Strong understanding of modern security mitigations and how to bypass them (e.g., stack cookies, SafeSEH, DEP, ASLR, CFG, and so on), as well as common detection capabilities and how to evade them. 19 | * Low-level system security / programming (e.g. kernel, driver, hypervisor, secure boot) 20 | * Hands-on experience with firmware emulation (QEMU, BOCHS, etc) is a plus. 21 | * Windows, Linux, Android, iOS kernel experience and development skills 22 | 23 | # Soft Skills 24 | * The ability to learn ‘just enough' of a language or technology in order to analyze it in the context of a vulnerability. 25 | * Ability to learn and dig into code. The Metasploit Framework code base is large and was contributed by hundreds of developers. Not everything is spelled out, but everything is discoverable. Enthusiasm for code spelunking is a prerequisite for success. 26 | * Ability to work asynchronously and directly with a team of co-workers and volunteers from around the globe. 
27 | 28 | 29 | # Education 30 | * Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering or equivalent experience 31 | 32 | 33 | # Certification 34 | * eCXD 35 | * eCRE 36 | * SEC660 37 | * SEC760 38 | 39 | 40 | # Job Salary 41 | 42 | 43 | ## Asia 44 | $78K <= $81K <= $108K 45 | 46 | 47 | ## Africa 48 | $49K <= $61K <= $79K 49 | 50 | 51 | ## North America 52 | $80K <= $100K <= $166K 53 | 54 | 55 | ## South America 56 | $72K <= $96K <= $132K 57 | 58 | 59 | ## Europe 60 | £32,624 <= £79,999 <= £102,499 61 | 62 | 63 | ## Oceania 64 | AU$77K <= AU$103,990 <= AU$111K 65 | 66 | 67 | # Interview Questions 68 | * https://security.stackexchange.com/questions/tagged/exploit-development 69 | 70 | 71 | # Training Resources 72 | * 73 | 74 | 75 | 76 | -------------------------------------------------------------------------------- /Incident_Responder.md: -------------------------------------------------------------------------------- 1 | # Summary 2 | Performs forensic analysis of digital information and gathers and handles evidence. Identifies network computer intrusion evidence and perpetrators, and coordinates with other government agencies to record and report incidents. Participate in collaborative sessions with other CNDSPs and IC agencies on malicious intrusions, attacks or suspicious activities, as well as share emerging Cyber Threat Intel data. Assist in the development of Indicators of Compromise for active defensive countermeasures and passive detection signatures. Position may require evening, weekend or shift-work (depending on operational tempo).
3 | 4 | # Baseline 5 | 6 | * 7 | 8 | 9 | # Hard Skills 10 | * Hands-on experience in data analysis (preferably network traffic or log analysis) in relevant data analysis and data science platforms (Jupyter, Splunk, pandas, SQL) 11 | * Familiarity with cloud infrastructure, web application and servers, Android and iOS mobile platforms 12 | * Experience with malware analysis and reverse engineering 13 | * Familiarity with enterprise SIEM platforms (e.g. Splunk, QRadar, ArcSight) 14 | * Fluency with one or more scripting languages (e.g. Python) 15 | * Performs forensic analysis of digital information and gathers and handles evidence. Identifies network computer intrusion evidence and perpetrators. 16 | * Identifies network computer intrusion evidence and perpetrators, and coordinates with other government agencies to record and report incidents. 17 | * Participate in collaborative sessions with other CNDSPs and IC agencies on malicious intrusions, attacks or suspicious activities, as well as share emerging Cyber Threat Intel data. 18 | * Assist in the development of Indicators of Compromise for active defensive countermeasures and passive detection signatures. 19 | * Research and produce analysis on nation state cyber threat actors. 20 | * Utilize internal and open source research for awareness of nation-state targeting, trends, etc. 21 | * Develop strategic cyber threat intelligence products in support of network defense operations 22 | * Position may require evening, weekend or shift-work (depending on operational tempo).
23 | 24 | 25 | 26 | 27 | 28 | # Soft Skills 29 | * Continuous learning on the job 30 | * You want to build things, not just break them 31 | 32 | 33 | # Education 34 | * Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering or equivalent experience 35 | 36 | 37 | # Certification 38 | * FOR508 39 | * SEC504 40 | * eCIR 41 | 42 | 43 | # Job Salary 44 | 45 | ## Asia 46 | $69K <= $89K <= $111K 47 | 48 | 49 | ## Africa 50 | $49K <= $64K <= $79K 51 | 52 | 53 | ## North America 54 | $61K <= $86K <= $102K 55 | 56 | 57 | ## South America 58 | $72K <= $96K <= $132K 59 | 60 | 61 | ## Europe 62 | £55,624 <= £68,999 <= £120,499 63 | 64 | 65 | ## Oceania 66 | AU$78K <= AU$108,990 <= AU$191K 67 | 68 | 69 | # Interview Questions 70 | * https://resources.infosecinstitute.com/top-30-incident-responder-interview-questions-and-answers-for-2019/#gref 71 | * https://medium.com/@aubsec/dfir-interivew-questions-68ec48ea570f 72 | 73 | 74 | # Training Resources 75 | * 76 | 77 | 78 | 79 | -------------------------------------------------------------------------------- /Information_Security_Analyst.md: -------------------------------------------------------------------------------- 1 | # Summary 2 | As a member of the Enterprise Risk Management (ERM) team the Information Security Analyst works closely with and receives guidance from the Information Security Officer with a focus on ensuring bank computer systems are adequately protected against threats, both internal and external; The primary focus will be on the detection and response of cyber related issues and governance of access control processes. 3 | 4 | # Baseline 5 | 6 | * 7 | 8 | 9 | # Hard Skills 10 | * Develop, deploy, and support information security systems and solutions. Examples: Vulnerability Scanning, Data Loss Prevention, SIEM 11 | * Proactively assesses potential risks and vulnerabilities, and drive remediation efforts. 
Examples: Project Risk Assessments, Threat Identification 12 | * Respond to information security incidents, including investigations/forensics and lead cross-functional teams as necessary. 13 | * Track and report on IT security issues as part of overall risk and project management 14 | * Collaborate with IT Teams globally 15 | * Recommend security enhancements and purchases 16 | * Manage vendors relative to information security systems and services 17 | * Support and respond to audit procedures and findings. Ability to effectively adapt to rapidly changing technologies and apply them to business needs. 18 | * Strong knowledge and understanding of business and business processes; strong business planning skills. 19 | * Solid teamwork and interpersonal skills and ability to communicate with customers, employees and management. 20 | 21 | 22 | 23 | 24 | 25 | # Soft Skills 26 | * Good project management skills 27 | * Strong oral and written communication skills. 28 | 29 | 30 | # Education 31 | * Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering or equivalent experience 32 | 33 | 34 | # Certification 35 | * SEC573 36 | * MGT414 37 | 38 | 39 | # Job Salary 40 | 41 | 42 | ## Asia 43 | $59K <= $79K <= $109K 44 | 45 | 46 | ## Africa 47 | $40K <= $49K <= $69K 48 | 49 | 50 | ## North America 51 | $53K <= $76K <= $116K 52 | 53 | 54 | ## South America 55 | $51K <= $61K <= $100K 56 | 57 | 58 | ## Europe 59 | £45,624 <= £54,999 <= £82,499 60 | 61 | 62 | ## Oceania 63 | AU$58K <= AU$83,990 <= AU$120K 64 | 65 | 66 | # Interview Questions 67 | * https://career.guru99.com/top-12-security-information-analyst-interview-questions/ 68 | * https://danielmiessler.com/study/infosec_interview_questions/ 69 | 70 | 71 | # Training Resources 72 | * 73 | 74 | 75 | 76 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | 
Copyright (c) 2020 reza.duty 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /Malware_Analyst.md: -------------------------------------------------------------------------------- 1 | # Summary 2 | Role is intended as an expert individual contributor dedicated to analyzing and researching malware, improving protection quality, increasing threat intelligence, driving new and existing accuracy improvement initiatives and ideas, as well as promoting the image of Kaspersky as the ultimate leader in anti-malware protection. 3 | 4 | # Baseline 5 | 6 | * 7 | 8 | 9 | # Hard Skills 10 | * Perform static and dynamic analysis of the latest malware, including advanced reverse engineering. 11 | * Provide subject matter expertise in the detection, analysis and mitigation of malware and trends in malware development and capabilities. 
12 | * Provide an analysis for sophisticated threats including the full attack chain - infection, propagation, lateral movement, exploitation 13 | * Be able to extract malicious patterns from an object and write an effective detection rule which does not cause false positives 14 | * Experience with malware research tools (disassemblers, debuggers, hex editors, un-packers, virtual machines, and network sniffers). 15 | * PE32/PE64 file analysis 16 | * x86 and x86-64 assembler understanding 17 | * Knowledge of Windows OS internals - memory, threads, processes, API, etc. 18 | * Proficiency in disassemblers and debuggers usage (IDA Pro, Hiew, WinDbg, OllyDbg, etc.) 19 | * Knowledge and understanding of file formats and network protocols 20 | * Experience with network traffic analysis tools (Wireshark, Fiddler) 21 | * Experience in vulnerability research. 22 | 23 | 24 | # Soft Skills 25 | * Desire to develop in the field of information security, to study and apply new technologies 26 | 27 | 28 | # Education 29 | * Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering or equivalent experience 30 | 31 | 32 | # Certification 33 | * FOR610 34 | * eCMAP 35 | 36 | 37 | # Job Salary 38 | 39 | 40 | ## Asia 41 | $35K <= $59K <= $89K 42 | 43 | 44 | ## Africa 45 | $32K <= $41K <= $61K 46 | 47 | 48 | ## North America 49 | $49K <= $69K <= $95K 50 | 51 | 52 | ## South America 53 | $35K <= $55K <= $69K 54 | 55 | 56 | ## Europe 57 | £45,624 <= £54,999 <= £71,499 58 | 59 | 60 | ## Oceania 61 | AU$49K <= AU$55,990 <= AU$77K 62 | 63 | 64 | # Interview Questions 65 | * https://resources.infosecinstitute.com/top-30-malware-analyst-interview-questions-and-answers-for-2018/ 66 | * https://nixhacker.com/malware-analysis-interview-questions-1/ 67 | 68 | 69 | # Training Resources 70 | * 71 | 72 | 73 | 74 | -------------------------------------------------------------------------------- /Mobile_Application_Security.md:
-------------------------------------------------------------------------------- 1 | # Summary 2 | Perform vulnerability analysis of mobile/embedded platforms, applications. 3 | 4 | # Baseline 5 | 6 | * 7 | 8 | 9 | # Hard Skills 10 | * Knowledge of OWASP Mobile Security Testing Guide 11 | * Experience developing iOS, Android, or React Native mobile applications and working within a team environment. 12 | * Familiar with mobile product and design lifecycles and collaborating closely with designers and product managers. 13 | * Design improvements to our existing product by thinking from first principles and focusing on our customer's needs. 14 | * Turn design ideas into features that scale to millions of users by working closely with engineers on mobile and backend teams. 15 | * Take pride in quality - test, track, and monitor features that you ship to our customers and actively fix issues that crop up. 16 | 17 | 18 | # Soft Skills 19 | * Continuous learning on the job 20 | 21 | 22 | # Education 23 | * Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering or equivalent experience 24 | 25 | 26 | # Certification 27 | * eMAPT 28 | * SEC542 29 | * SEC575 30 | 31 | 32 | # Job Salary 33 | 34 | 35 | ## Asia 36 | $62K <= $71K <= $115K 37 | 38 | 39 | ## Africa 40 | $30K <= $41K <= $49K 41 | 42 | 43 | ## North America 44 | $78K <= $102K <= $125K 45 | 46 | 47 | ## South America 48 | $51K <= $65K <= $91K 49 | 50 | 51 | ## Europe 52 | £39,624 <= £54,999 <= £61,499 53 | 54 | 55 | ## Oceania 56 | AU$58K <= AU$83,990 <= AU$120K 57 | 58 | 59 | # Interview Questions 60 | * https://www.wisdomjobs.com/e-university/mobile-security-interview-questions.html 61 | * https://www.guru99.com/mobile-testing-interview-questions.html 62 | 63 | 64 | # Training Resources 65 | * https://start.me/p/OmxRqE/mobile 66 | 67 | 68 | 69 | -------------------------------------------------------------------------------- /Mobile_Penetration_Tester.md: 
-------------------------------------------------------------------------------- 1 | # Summary 2 | Mobile application penetration testing gives organizations the ability to weed out any imperfections in their network that require immediate patching and/or protection. Organizations that are entering a mobile pen test scenario should focus on being as positive as possible and thinking of the test as an educational experience. 3 | 4 | # Baseline 5 | 6 | * 7 | 8 | 9 | # Hard Skills 10 | * Knowledge of OWASP Mobile Security Testing Guide 11 | * Skilled in using and interpreting results from common security tools including but not limited to Burp Suite, Wireshark, Frida, IDA, Ghidra and other tools in the Pentoo or Kali Linux distros. 12 | * Experience in cybersecurity reverse engineering 13 | * Experience with Android security mechanisms. 14 | * Experience with iOS security mechanisms. 15 | * Knowledge of Android operating system/frameworks. 16 | * Knowledge of iOS operating system/frameworks. 17 | * A good understanding of applied cryptographic techniques. 18 | * Analysis, testing, and debugging skills. 19 | * Experience with dynamic analysis using Frida 20 | 21 | 22 | # Soft Skills 23 | * Excellent presentation and communications skills to effectively communicate with management and customers. 24 | * Ability to clearly articulate complex concepts (both written and verbally). 25 | * Ability, understanding, and usage of active listening skills (especially with customers!).
26 | 27 | 28 | # Education 29 | * Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering or equivalent experience 30 | 31 | 32 | # Certification 33 | * eMAPT 34 | * SEC542 35 | * SEC575 36 | 37 | 38 | # Job Salary 39 | $45K <= $69K <= $102K 40 | 41 | 42 | # Interview Questions 43 | * https://www.guru99.com/mobile-testing-interview-questions.html 44 | 45 | 46 | # Training Resources 47 | * https://start.me/p/OmxRqE/mobile 48 | 49 | 50 | 51 | -------------------------------------------------------------------------------- /NetworkSecurity_Engineer.md: -------------------------------------------------------------------------------- 1 | # Summary 2 | 3 | A **Network Security Engineer** is required by a leading technology organization to design, implement, and manage the security infrastructure that protects the network from vulnerabilities. You will utilize network security solutions, including Cisco, Fortinet, Sophos, F5, and Mikrotik, to ensure the safety and integrity of the company's network architecture. The role includes regular auditing of security setups, proactive threat management, and the configuration of security policies to mitigate potential risks. As part of the network security team, you will work closely with the IT and security operations teams to identify security gaps, respond to security incidents, and safeguard the organization’s network against unauthorized access and data breaches. 4 | 5 | # Baseline 6 | 7 | - Support the deployment and maintenance of network security devices (firewalls, VPNs, IDS/IPS systems) across the company's network. 8 | - Collaborate with network administrators to manage network traffic flow and segment network resources. 9 | - Implement network security policies and procedures to mitigate risk. 10 | - Conduct vulnerability assessments and penetration tests to evaluate the strength of security defenses. 
11 | - Monitor and respond to network security events, including intrusion attempts and malware outbreaks. 12 | 13 | # Hard Skills 14 | 15 | - Expertise with network security solutions such as Cisco ASA, Fortinet FortiGate, Sophos XG Firewall, F5 Big-IP, and Mikrotik RouterOS. 16 | - Strong knowledge of network protocols (TCP/IP, DNS, HTTP/S, BGP, etc.) and experience with securing these protocols. 17 | - Proficiency in configuring and managing firewall rules, VPNs, SSL/TLS certificates, and IDS/IPS systems. 18 | - Hands-on experience with next-generation firewall features like Application Control, Intrusion Prevention Systems (IPS), and Secure Web Gateways. 19 | - Familiarity with network security monitoring tools such as Wireshark, Zeek (formerly Bro), and SolarWinds. 20 | - Experience with Virtual Private Networks (VPNs) for secure remote access (SSL VPN, IPSec VPN). 21 | - Understanding of security frameworks and standards like NIST, ISO 27001, and CIS benchmarks for network security. 22 | 23 | # Soft Skills 24 | 25 | - Ability to manage multiple security incidents and prioritize tasks in a high-pressure environment. 26 | - Strong communication skills for collaborating with network and security teams, as well as explaining security issues to non-technical stakeholders. 27 | - Keen attention to detail and a proactive approach to threat detection and mitigation. 28 | - Continuous learning to stay updated on the latest network security threats and technology advancements. 29 | 30 | # Education 31 | 32 | - Bachelor's degree in Network Engineering, Information Technology, Cybersecurity, or a related field. 33 | - Master's degree or additional experience is a plus. 
34 | 35 | # Certifications 36 | 37 | - Cisco Certified Network Associate (CCNA) Security 38 | - Fortinet NSE4/NSE7 39 | - Sophos Certified Architect 40 | - F5 Certified BIG-IP Administrator (F5-CA) 41 | - Mikrotik Certified Network Associate (MTCNA) 42 | 43 | # Job Salary 44 | 45 | ## Asia 46 | 47 | $52K <= $61K <= $73K 48 | 49 | ## Africa 50 | 51 | $28K <= $35K <= $48K 52 | 53 | ## North America 54 | 55 | $70K <= $125K <= $160K 56 | 57 | ## South America 58 | 59 | $27K <= $42K <= $58K 60 | 61 | ## Europe 62 | 63 | £52,000 <= £59,000 <= £74,000 64 | 65 | ## Oceania 66 | 67 | AU$65K <= AU$88,000 <= AU$120K 68 | 69 | # Interview Questions 70 | 71 | - What security protocols and solutions do you implement to protect a network? 72 | - How do you handle a situation where there is a potential network intrusion? 73 | - Can you describe your experience with firewall configuration and VPN deployment? 74 | - How would you secure a network with both on-premises and cloud-based resources? 75 | 76 | # Training Resources 77 | 78 | - Cisco Network Security: https://www.cisco.com/c/en/us/support/security/index.html 79 | - Fortinet Training and Certification: https://training.fortinet.com/ 80 | - Sophos Training: https://training.sophos.com/ 81 | - F5 Networks Learning Center: https://f5.com/services/training 82 | -------------------------------------------------------------------------------- /Network_Penetration_Tester.md: -------------------------------------------------------------------------------- 1 | # Summary 2 | A penetration test, colloquially known as a pen test, pentest or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system. Not to be confused with a vulnerability assessment. 
3 | 4 | 5 | 6 | # Baseline 7 | 8 | * 9 | 10 | 11 | # Hard Skills 12 | * Being skilful in using and interpreting results from common security tools including but not limited to Burp Suite, Nessus, OpenVAS, Yersinia, Scapy, Wireshark, Nmap (with advanced options), SQLMap, SSLyze, THC-IPV6, BeEF and other tools in the Pentoo or Kali Linux distros. 13 | * Familiarity with industry standard classification schemes such as CVE, CVSS, CWE, CAPEC. 14 | * Basic to intermediate working knowledge of Unix, Linux, Windows, network devices, firewalls, web and/or mobile application development. 15 | * Be able to code in at least one scripting language: Ruby, Python, Perl or Burp Suite Plugin Scripting. 16 | * Willing to develop tools or scripts as necessary to create proofs of concept in challenging engagements. 17 | * Possess a strong analytical mind for analysing and verifying findings from security tools. 18 | * Willing to conduct security research as necessary to discover critical hidden vulnerabilities. 19 | * Possess relentless self-motivation and passion to explore new technologies, learn new penetration testing techniques and tools, and circumvent security controls imposed in hardened applications. 20 | * Possess good interpersonal communication skills and a helpful attitude in a team-oriented environment. 21 | 22 | 23 | # Soft Skills 24 | * Excellent presentation and communications skills to effectively communicate with management and customers. 25 | * Ability to clearly articulate complex concepts (both written and verbally). 26 | * Ability, understanding, and usage of active listening skills (especially with customers!). 
27 | 28 | 29 | # Education 30 | * Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering or equivalent experience 31 | 32 | 33 | # Certification 34 | * CEH 35 | * eJPT 36 | * OSCP 37 | * PNPT 38 | 39 | 40 | # Job Salary 41 | 42 | 43 | ## Asia 44 | $39K <= $71K <= $98K 45 | 46 | 47 | ## Africa 48 | $29K <= $41K <= $67K 49 | 50 | 51 | ## North America 52 | $45K <= $69K <= $102K 53 | 54 | 55 | ## South America 56 | $34K <= $51K <= $79K 57 | 58 | 59 | ## Europe 60 | £45,624 <= £69,999 <= £82,499 61 | 62 | 63 | ## Oceania 64 | AU$39K <= AU$54,990 <= AU$77K 65 | 66 | 67 | # Interview Questions 68 | * https://compsecurityconcepts.wordpress.com/2016/02/19/network-penetration-testing-interview-questions-answers/ 69 | 70 | 71 | # Training Resources 72 | * https://start.me/p/X2K4oB/network 73 | 74 | 75 | 76 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ![ROADMAP](allv1.png) 2 | 3 | Cybersecurity Career Path ⬆️ 4 | 5 | ⚠️ Responsibilities Not Included 6 | 7 | ⚠️ Education and Certification are Optional 8 | 9 | ## Offensive 10 | 11 | * [Network Penetration Tester](https://github.com/rezaduty/security-career-path/blob/master/Network_Penetration_Tester.md) 12 | * [Mobile Penetration Tester](https://github.com/rezaduty/security-career-path/blob/master/Mobile_Penetration_Tester.md) 13 | * [Web Penetration Tester](https://github.com/rezaduty/security-career-path/blob/master/Web_Penetration_Tester.md) 14 | * [Application Penetration Tester](https://github.com/rezaduty/security-career-path/blob/master/Application_Penetration_Tester.md) 15 | * [Bug Bounty Hunter](https://github.com/rezaduty/security-career-path/blob/master/Bug_Bounty_Hunter.md) 16 | * [Red Team Member](https://github.com/rezaduty/security-career-path/blob/master/Red-Team-Member.md) 17 | * [Exploit 
Developer](https://github.com/rezaduty/security-career-path/blob/master/Exploit_Developer.md) 18 | 19 | 20 | ## Defensive 21 | 22 | * [Mobile Application Security](https://github.com/rezaduty/security-career-path/blob/master/Mobile_Application_Security.md) 23 | * [Source Code Auditor](https://github.com/rezaduty/security-career-path/blob/master/Source_Code_Auditor.md) 24 | * [Application Security Expert](https://github.com/rezaduty/security-career-path/blob/master/Application_Security_Expert.md) 25 | * [Threat Hunter](https://github.com/rezaduty/security-career-path/blob/master/Threat_Hunter.md) 26 | * [Blue Team Member](https://github.com/rezaduty/security-career-path/blob/master/Blue-Team_Member.md) 27 | * [Security Operation Center](https://github.com/rezaduty/security-career-path/blob/master/Security_Operation_Center.md) 28 | * [Cyber Threat Analyst](https://github.com/rezaduty/security-career-path/blob/master/Cyber_Threat_Analyst.md) 29 | * [Malware Analyst](https://github.com/rezaduty/security-career-path/blob/master/Malware_Analyst.md) 30 | * [Incident Responder](https://github.com/rezaduty/security-career-path/blob/master/Incident_Responder.md) 31 | * [Digital Forensic Analyst](https://github.com/rezaduty/security-career-path/blob/master/Digital_Forensic_Analyst.md) 32 | * [SCADA Security Specialist](https://github.com/rezaduty/security-career-path/blob/master/SCADA_Security_Specialist.md) 33 | * [Information Security Analyst](https://github.com/rezaduty/security-career-path/blob/master/Information_Security_Analyst.md) 34 | 35 | 36 | 37 | 38 | 39 | ## Researcher 40 | 41 | * [Security Researcher](https://github.com/rezaduty/cybersecurity-career-path/blob/master/Security_Researcher.md) 42 | * [Cyber Threat Analyst](https://github.com/rezaduty/cybersecurity-career-path/blob/master/Cyber_Threat_Analyst.md) 43 | * [Cyber Operation Systems Research 
Engineer](https://github.com/rezaduty/cybersecurity-career-path/blob/master/Cyber_Operation_Systems_Research_Engineer.md) 44 | 45 | 46 | ## Engineer 47 | 48 | * [DevSecOps Engineer](https://github.com/rezaduty/security-career-path/blob/master/DevSecOps_Engineer.md) 49 | * [Security Engineer(Software)](https://github.com/rezaduty/security-career-path/blob/master/Security_Engineer(Software).md) 50 | * [Security Engineer(Hardware)](https://github.com/rezaduty/security-career-path/blob/master/Security_Engineer(Hardware).md) 51 | * [Automation Engineer](https://github.com/rezaduty/cybersecurity-career-path/blob/master/Automation_Engineer.md) 52 | * [Network Security Engineer](https://github.com/rezaduty/cybersecurity-career-path/blob/master/NetworkSecurity_Engineer.md) 53 | * [Cloud Security Engineer](https://github.com/rezaduty/cybersecurity-career-path/blob/master/CloudSecurity_Engineer.md) 54 | * [Data Security Engineer](https://github.com/rezaduty/cybersecurity-career-path/blob/master/DataSecurity_Engineer.md) 55 | 56 | 57 | 58 | ## Officer 59 | 60 | * [Data Privacy Officer](https://github.com/rezaduty/security-career-path/blob/master/Data_Privacy_Officer.md) 61 | * [Chief Information Security Officer](https://github.com/rezaduty/security-career-path/blob/master/Chief_Information_Security_Officer.md) 62 | * [Chief Security Officer](https://github.com/rezaduty/security-career-path/blob/master/Chief_Security_Officer.md) 63 | 64 | ## Common Position Seniority Levels 65 | 66 | 1. **Intern** 67 | 68 | - Typically for students or recent graduates gaining initial work experience. 69 | 2. **Junior** 70 | 71 | - Entry-level positions requiring supervision and guidance; typically suited for those with limited experience. 72 | 3. **Mid-Level** 73 | 74 | - Professionals with a few years of experience who can work independently and manage projects with some complexity. 75 | 4. 
**Senior** 76 | 77 | - Experienced professionals with a high level of expertise who can mentor others and lead projects. 78 | 5. **Lead** 79 | 80 | - A role that often includes leadership responsibilities, overseeing teams or specific projects. 81 | 6. **Staff** 82 | 83 | - A senior technical role that may not have direct management responsibilities but involves significant expertise and influence within the organization. 84 | 7. **Principal** 85 | 86 | - Very senior position often responsible for setting technical direction, making architectural decisions, or influencing business strategy. 87 | 8. **Architect** 88 | 89 | - Focuses on the design and structure of systems and solutions, requiring extensive experience and expertise. 90 | 9. **Manager** 91 | 92 | - Typically involves overseeing teams or departments, focusing on personnel management in addition to technical skills. 93 | 10. **Director** 94 | 95 | - Senior management role responsible for strategic direction and overall leadership of a department or function. 96 | 11. **Vice President (VP)** 97 | 98 | - An executive-level position, often responsible for a significant area of the organization (e.g., cybersecurity, technology). 99 | 12. **C-Level (e.g., CTO, CISO)** 100 | 101 | - Executive positions that are responsible for the overall strategy and direction of the organization’s technology or security posture. 102 | -------------------------------------------------------------------------------- /Red-Team-Member.md: -------------------------------------------------------------------------------- 1 | # Summary 2 | Red Team performs group wide adversarial threat emulation activities to aid in the assessment of control and process effectiveness, against highly skilled and sophisticated attacker(s). 
The team operates across physical, people, process and technology in an effort to achieve well defined engagement goals and provide clarity on control effectiveness and gaps discovered along the attack path travelled across protect, monitor and response. 3 | 4 | 5 | # Baseline 6 | 7 | * 8 | 9 | 10 | 11 | # Hard Skills 12 | * Overall 3+ years of Information Security experience. 13 | * 3+ years of experience with executing web application, network, and system penetration tests for clients 14 | * Experience with web application development, system administration, and the software and system development life cycle 15 | * Experience with red-teaming and covert computer network exploitation 16 | * Experience in common scripting languages such as Python, Ruby, Lua, PowerShell or Bash 17 | * Experience in at least one development language e.g. Java, C, C# or similar 18 | * A good understanding of the OSI stack and the various protocols from layer 1 – 7 including SNMP, HTTP, VPN, 802.11. 19 | * Understanding of Industrial control systems including SCADA 20 | * Experience with post-exploitation tools such as Cobalt Strike, Canvas, etc. 21 | 22 | 23 | # Soft Skills 24 | * Ability to clearly articulate complex concepts (both written and verbally). 25 | * Excellent independent (self-motivational, organizational, personal project management) skills. 26 | * Ability to think outside the box and emulate adversarial approaches. 
27 | 28 | 29 | # Education 30 | * Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering or equivalent experience 31 | 32 | 33 | # Certification 34 | * ECPTX 35 | * EWPTX 36 | * OSWE 37 | * OSCE 38 | 39 | 40 | # Job Salary 41 | 42 | ## Asia 43 | $29K <= $60K <= $110K 44 | 45 | 46 | ## Africa 47 | $19K <= $34K <= $60K 48 | 49 | 50 | ## North America 51 | $33K <= $71K <= $156K 52 | 53 | 54 | ## South America 55 | $29K <= $58K <= $91K 56 | 57 | 58 | ## Europe 59 | £45,624 <= £69,999 <= £83,499 60 | 61 | 62 | ## Oceania 63 | AU$58K <= AU$83,990 <= AU$120K 64 | 65 | 66 | # Interview Questions 67 | * https://medium.com/@malcomvetter/how-to-pass-a-red-team-interview-9155828cfa1c 68 | * https://github.com/WebBreacher/offensiveinterview 69 | 70 | 71 | # Training Resources 72 | * RTFM Book 73 | 74 | 75 | 76 | -------------------------------------------------------------------------------- /SCADA_Security_Specialist.md: -------------------------------------------------------------------------------- 1 | # Summary 2 | The position will primarily be focused on supporting the building and maintenance of the ADMS Network Model – integrating the GIS As Built Model with existing legacy application SCADA settings and electrical attributes data, to produce the new ADMS Electrical Network Model. The position will work under the guidance and direction of other project personnel to support project activities. 3 | 4 | # Baseline 5 | 6 | * 7 | 8 | 9 | # Hard Skills 10 | * Technical SCADA or Automation experience in either a project execution or on-going maintenance capacity. 11 | * Demonstrated experience in working with industry protocols such as: DNP 3.0, Modbus RTU/TCP, Inter-control Center Protocol (ICCP). 12 | * Ability to create core and supplemental materials such as scope and requirements documents, test plans, design documents, training documents, etc. 
13 | * Strong interpersonal, verbal, and written communication skills with the ability to work in a collaborative environment and interact with all levels of management within the Business and IT departments. 14 | * Electric utility background. 15 | * Working knowledge of Automation equipment such as RTUs, Data Concentrators, distributed I/O, media converters, etc. 16 | * Experience implementing technology solutions within the context of utility cyber security best practices and compliance. 17 | * Knowledge of database management and ability to write and run queries in SQL. 18 | * Experience programming in at least one of the major programming languages (C#, VBA, Java (J2EE) etc.) 19 | * Working knowledge of IT environments including hardware/software maintenance, networking, telecommunications infrastructure, TCP/IP. 20 | * Testing experience; Experience in executing functional and user acceptance testing (UAT) with specific experience in developing, documenting, and executing scenario-based testing scripts for UAT. 21 | * Demonstrates strong understanding of the impact(s) of technology changes to the collective business processes across functional units. 22 | * Strong technical acumen with the ability to understand different Distribution Management System functions and platforms. 23 | * Awareness and familiarity with tools / applications regularly used by electric distribution or transmission system Operators, Operating Engineers, and Planning Engineers such as: Power Flow modeling tools (e.g., CYME), operational data historian (e.g., OSIsoft Pi). 24 | * Demonstrated skills and experience with OMS/DMS or EMS software including relevant experience working on upgrade or replacement projects in the past. 25 | 26 | 27 | 28 | 29 | 30 | # Soft Skills 31 | * Strong operational focus and detailed understanding of the technology needs of a 24x7 operational control center. 32 | * Ability to be creative, versatile, efficient and productive in the face of ambiguity. 
33 | * Project Management experience preferred. 34 | 35 | 36 | # Education 37 | * Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering or equivalent experience 38 | 39 | 40 | # Certification 41 | * ICS410 42 | * ICS515 43 | * ICS465 44 | 45 | 46 | # Job Salary 47 | 48 | 49 | ## Asia 50 | $70K <= $99K <= $135K 51 | 52 | 53 | ## Africa 54 | $41K <= $54K <= $79K 55 | 56 | 57 | ## North America 58 | $75K <= $103K <= $160K 59 | 60 | 61 | ## South America 62 | $65K <= $79K <= $102K 63 | 64 | 65 | ## Europe 66 | £68,624 <= £74,999 <= £85,499 67 | 68 | 69 | ## Oceania 70 | AU$68K <= AU$79,990 <= AU$81K 71 | 72 | 73 | # Interview Questions 74 | * https://automationforum.in/t/scada-system-interview-questions/4328 75 | * http://aptronnoida.in/iqa/best-scada-interview-questions-answers/ 76 | 77 | 78 | # Training Resources 79 | * 80 | 81 | 82 | 83 | -------------------------------------------------------------------------------- /Security_Engineer(Hardware).md: -------------------------------------------------------------------------------- 1 | # Summary 2 | You will help us enhance and implement secure coding practices and hardware design for our current Axon product family as well as new products currently under design. You will help select and build advanced tooling to help the firmware engineering teams write secure code without destroying their flow. You will instrumentally be the advocate of these best practices to foster a culture of code and product security to ensure we build the most secure product possible. Above all, you come prepared to take an IoT platform through a secure development lifecycle from initial threat modeling and requirements generation to post-launch vulnerability discovery and remediation. 
3 | 4 | # Baseline 5 | 6 | * 7 | 8 | 9 | # Hard Skills 10 | * 3-5 years professional experience 11 | * Low-level/embedded software engineering background; with a current focus on secure application development 12 | * Great at finding ways to break applications or devices, AND assisting engineering teams in securing threats 13 | * Deep understanding of common application and IoT device flaws, and how to fix them 14 | * Fluent in application and hardware attack tools and methodologies 15 | * Understanding of cryptography, RF analysis (using SDR), hardware debugging and secure elements, and IoT-specific security and usability methodologies 16 | * Experience teaching secure code practices; in 1:1 situations or to large teams 17 | * Experience with hardening Linux and RTOS systems 18 | 19 | 20 | # Soft Skills 21 | * Ability to think creatively about potential attack vectors and propose creative solutions on the fly 22 | * Ability to work independently and comfortably in a fast-paced environment 23 | 24 | 25 | # Education 26 | * Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering or equivalent experience 27 | 28 | 29 | # Certification 30 | * 31 | 32 | 33 | # Job Salary 34 | 35 | 36 | ## Asia 37 | $68K <= $79K <= $115K 38 | 39 | 40 | ## Africa 41 | $39K <= $54K <= $69K 42 | 43 | 44 | ## North America 45 | $73K <= $99K <= $130K 46 | 47 | 48 | ## South America 49 | $52K <= $66K <= $102K 50 | 51 | 52 | ## Europe 53 | £55,624 <= £69,999 <= £74,499 54 | 55 | 56 | ## Oceania 57 | AU$68K <= AU$74,990 <= AU$81K 58 | 59 | 60 | # Interview Questions 61 | * 62 | 63 | 64 | # Training Resources 65 | * 66 | 67 | 68 | 69 | -------------------------------------------------------------------------------- /Security_Engineer(Software).md: -------------------------------------------------------------------------------- 1 | # Summary 2 | Information systems security engineers (ISSE), help businesses keep sensitive data safe. 
Data may include confidential client records such as patient records at a hospital, trade secrets, and financial records that are all potential targets for cyber-attacks. ISSEs play an important role in guarding businesses, government, and individuals against hackers and cyber-criminals who are always creating new ways to infiltrate sensitive databases. 3 | 4 | # Baseline 5 | 6 | * 7 | 8 | # Hard Skills 9 | * At least 5+ years of experience in application security 10 | * Strong communication skills and ability to work in a team 11 | * Expertise with common security testing methodologies 12 | * Experience with automated or otherwise highly scalable application security solutions 13 | * Experience with building and customizing tools 14 | * Experience securing cloud environments (Azure, AWS) 15 | * Strong demonstrated knowledge of web protocols and an in-depth knowledge of Windows, Linux and/or Unix tools and architecture 16 | * Ability to accurately weigh security risks against business operations and goals 17 | * Strong foundation in applied cryptography 18 | * Experience with SAST, DAST, and SCA 19 | * Experience with automation tools and deployments 20 | * Excellent written and oral communication skills, as well as interpersonal skills including the ability to articulate to both technical and non-technical audiences 21 | 22 | 23 | # Soft Skills 24 | * Excellent presentation and communications skills to effectively communicate with management and customers. 25 | * Ability to clearly articulate complex concepts (both written and verbally). 26 | * Ability, understanding, and usage of active listening skills (especially with customers!). 
27 | 28 | 29 | # Education 30 | * Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering or equivalent experience 31 | 32 | 33 | # Certification 34 | * 35 | 36 | 37 | # Job Salary 38 | 39 | 40 | ## Asia 41 | $67K <= $79K <= $105K 42 | 43 | 44 | ## Africa 45 | $41K <= $54K <= $79K 46 | 47 | 48 | ## North America 49 | $73K <= $100K <= $130K 50 | 51 | 52 | ## South America 53 | $61K <= $88K <= $97K 54 | 55 | 56 | ## Europe 57 | £43,624 <= £47,999 <= £77,499 58 | 59 | 60 | ## Oceania 61 | AU$65K <= AU$71,990 <= AU$96K 62 | 63 | 64 | # Interview Questions 65 | * https://github.com/tadwhitaker/Security_Engineer_Interview_Questions 66 | 67 | # Training Resources 68 | * https://devskiller.com/screen-security-engineer/ 69 | 70 | 71 | 72 | -------------------------------------------------------------------------------- /Security_Operation_Center.md: -------------------------------------------------------------------------------- 1 | # Summary 2 | As a member of our Infrastructure & Information Security pod, you will support our cloud infrastructure by developing tools, building services, and providing consultative services to our engineering teams. You will be a key part in safeguarding our creators who entrust Teachable with their content every day. You’ll plan and carry out security measures to monitor and protect sensitive data and systems from infiltration and cyber-attacks. 3 | 4 | # Baseline 5 | 6 | * 7 | 8 | # Hard Skills 9 | * Knowledge of cyber incident response processes 10 | * Experience with QRadar - Create/maintain rules, filters, dashboards, and reports – is a must 11 | * SIEM log parsing and technical knowledge. 12 | * Strong analytical, technical and communication skills. 13 | * Understanding of common network services (web, mail, FTP, etc.), network vulnerabilities, and network attack patterns is a must 14 | * Knowledge of information security systems such as Firewalls, IDS/IPS, WAF, proxy, EDR etc. 
15 | * Thorough understanding of fundamental security and network concepts (Operating systems, intrusion/detection, TCP/IP, ports, etc.) 16 | * Extensive experience with network and security technologies, including IPv4, TCP/IP, LAN/WAN design theory, static/dynamic routing protocols, NAT, next-generation firewalls, secure email gateways, endpoint security, network access control, etc. 17 | * Working knowledge of security frameworks such as ISO, NIST, CIS, etc. 18 | * Report SOC related metrics as defined and required within contract 19 | * Define protocols and mature ‘playbooks’ of operational response to cyber threats 20 | * Maintain and manage teams to operate within playbooks as defined. Operate autonomously to further investigate and escalate in accordance with protocols and contractual SLAs 21 | * Provide teaching / mentoring to SOC Tier 1/2/3 Analysts, including incident response functions 22 | 23 | # Soft Skills 24 | * Ability to demonstrate analytical expertise, close attention to detail, excellent critical thinking, logic, and adaptive learning 25 | * Strong interpersonal skills and a good team player 26 | * A strong passion for Information Security and to learn new things. 
27 | 28 | 29 | # Education 30 | * Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering or equivalent experience 31 | 32 | 33 | # Certification 34 | * SEC511 35 | * SEC555 36 | 37 | 38 | # Job Salary 39 | 40 | 41 | ## Asia 42 | $45K <= $61K <= $89K 43 | 44 | 45 | ## Africa 46 | $29K <= $41K <= $55K 47 | 48 | 49 | ## North America 50 | $53K <= $76K <= $116K 51 | 52 | 53 | ## South America 54 | $42K <= $61K <= $97K 55 | 56 | 57 | ## Europe 58 | £27,624 <= £49,999 <= £82,499 59 | 60 | 61 | ## Oceania 62 | AU$50K <= AU$59,990 <= AU$77K 63 | 64 | 65 | # Interview Questions 66 | * https://www.reddit.com/r/AskNetsec/comments/3p2m3i/soc_analyst_interview_questions/ 67 | 68 | 69 | # Training Resources 70 | * 71 | 72 | 73 | 74 | -------------------------------------------------------------------------------- /Security_Researcher.md: -------------------------------------------------------------------------------- 1 | # Summary 2 | Has a strong track record of working with engineering and product teams on assessing applications against security standards, conducting risk-based assessments of application security practices, designing secure systems, and driving security by building close working partnerships with Product and Engineering professionals. 3 | 4 | # Baseline 5 | 6 | * 7 | 8 | # Hard Skills 9 | * 5+ Years' experience in Security Research, Web-Application & Network Penetration Testing or adjacent fields. 10 | * Deep knowledge of the cyber security threat landscape, attacker mind-set and trends. 11 | * Understand and apply attack and penetration concepts including the attack surface; identification of system software and configuration vulnerabilities and critical information, data and processes that must be protected. 12 | * Software development experience/proficiency in multiple languages, mainly C/C++ and other object-oriented platforms. Experience with scripting languages such as Python/Perl/Ruby. 
13 | * Operating System internals: PE, ELF, kernel, processes, networking, and hypervisors. 14 | * Experience with reverse engineering tools (e.g. disassemblers, debuggers, instrumentation frameworks, etc.). 15 | * Basic understanding of concepts in vulnerability research: Shell code, ROP, ASLR, exploit types, and heap manipulation. 16 | * An understanding of fault injection and side channel attacks 17 | * An understanding of past, current, and emerging security exploit types 18 | * Reverse engineering capabilities + working knowledge in IDA 19 | * Familiarity with secure bootloaders 20 | 21 | 22 | # Soft Skills 23 | * Team player with good interpersonal skills 24 | 25 | 26 | # Education 27 | * Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering or equivalent experience 28 | 29 | 30 | # Certification 31 | * 32 | 33 | 34 | # Job Salary 35 | 36 | 37 | ## Asia 38 | $70K <= $90K <= $109K 39 | 40 | 41 | ## Africa 42 | $44K <= $60K <= $79K 43 | 44 | 45 | ## North America 46 | $75K <= $100K <= $126K 47 | 48 | 49 | ## South America 50 | $61K <= $74K <= $100K 51 | 52 | 53 | ## Europe 54 | £33,624 <= £63,999 <= £90,499 55 | 56 | 57 | ## Oceania 58 | AU$48K <= AU$69,990 <= AU$77K 59 | 60 | 61 | # Interview Questions 62 | * https://resources.infosecinstitute.com/top-30-vulnerability-researcher-interview-questions-and-answers-for-2019/#gref 63 | 64 | 65 | # Training Resources 66 | * 67 | 68 | 69 | 70 | -------------------------------------------------------------------------------- /Source_Code_Auditor.md: -------------------------------------------------------------------------------- 1 | # Summary 2 | Source code auditors expose vulnerabilities and prevent potential security threats. They also identify mistakes within source codes, eliminating inefficiencies. As industries become increasingly technical, the demand for auditors with source code expertise continues to grow. 
Source code auditors thoroughly assess code, prepare reports on their findings, and make recommendations for change. 3 | 4 | # Baseline 5 | 6 | * 7 | 8 | # Hard Skills 9 | * Up-to-date understanding of the source code programming languages that you will be assessing, such as C#, C++, .NET, Java, Perl, PHP, Python or Ruby on Rails, etc. 10 | * Practical experience using computer operating systems such as MS Windows, UNIX/Linux 11 | * An analytical mind with the ability to make sense of source code. 12 | * Knowledge of DevSecOps and development pipeline integration and automation. 13 | * Knowledge of Static/Dynamic Code Analysis. 14 | * Identify the source of any malicious intent, or any weakness leading to access, and information leaks 15 | * Working knowledge of intellectual property law, and all governing laws related to information assurance 16 | * Communicate audit results interdepartmentally and with legal teams 17 | 18 | 19 | # Soft Skills 20 | * Continuous learning on the job 21 | 22 | 23 | # Education 24 | * Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering or equivalent experience 25 | 26 | 27 | # Certification 28 | * Secure Coding in Java(ISC2) 29 | * Secure Coding in .NET(ISC2) 30 | * Secure Coding in PHP(ISC2) 31 | * SEC534 32 | * DEV541 33 | * DEV544 34 | 35 | 36 | # Job Salary 37 | 38 | 39 | ## Asia 40 | $44K <= $59K <= $78K 41 | 42 | 43 | ## Africa 44 | $20K <= $31K <= $39K 45 | 46 | 47 | ## North America 48 | $50K <= $65K <= $90K 49 | 50 | 51 | ## South America 52 | $39K <= $47K <= $70K 53 | 54 | 55 | ## Europe 56 | £22,624 <= £39,999 <= £58,499 57 | 58 | 59 | ## Oceania 60 | AU$32K <= AU$42,990 <= AU$50K 61 | 62 | 63 | # Interview Questions 64 | * https://www.geeksforgeeks.org/tag/secure-coding/ 65 | 66 | 67 | # Training Resources 68 | * 69 | 70 | 71 | 72 | -------------------------------------------------------------------------------- /TODO:
-------------------------------------------------------------------------------- 1 | Workflow Engineer 2 | Automation Engineer 3 | Detection Engineer 4 | -------------------------------------------------------------------------------- /Threat_Hunter.md: -------------------------------------------------------------------------------- 1 | # Summary 2 | You will hunt for cyber threats in our networks using our suite of cyber tools. You will use your understanding of attack vectors to seek out threats looking to exploit those networks to gain unauthorized access to our sensitive data. This position requires creative thinkers who are able to develop and field new methods for detecting malicious activity. This is an opportunity to take a new approach to cyber defense and help us build a world class threat detection organization. 3 | 4 | # Baseline 5 | 6 | * 7 | 8 | # Hard Skills 9 | * Windows/AD file systems, registry functions, and memory artifacts 10 | * Unix/Linux file systems and memory artifacts 11 | * Mac file systems and memory artifacts 12 | * Database, web application, cloud, and/or mobile device cyber incident response principles and techniques 13 | * Cybersecurity automation 14 | * Security Information and Event Management (SIEM) utilities (e.g. Splunk, QRadar, etc.) 15 | * Application, service, and machine log analysis 16 | * Common application-layer protocols (e.g. DNS, HTTP, TLS, SMB) 17 | * Network traffic metadata extraction and analysis using common packet capture utilities (e.g. Wireshark, tcpdump, Bro/Zeek, Snort, Suricata, etc.) 18 | * Malware analysis using sandboxes or other capabilities 19 | * Knowledge of Advanced Persistent Threat (APT) actors and associated tools, techniques, and procedures (TTPs) 20 | * Experience with open-source and proprietary Cyber Threat Intelligence data, to include the use of threat taxonomies, models (e.g.
MITRE ATT&CK), and Indicators of Compromise (IOCs) 21 | * Experience with one or more scripting languages (Bash, Python, Perl, PowerShell, etc.) 22 | * Experience managing cases with enterprise SIEM or Incident Management systems 23 | 24 | 25 | 26 | 27 | 28 | # Soft Skills 29 | * Strong critical thinking skills 30 | * Strong interpersonal skills with the ability to communicate technical issues to non-technical staff 31 | 32 | 33 | # Education 34 | * Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering or equivalent experience 35 | 36 | 37 | # Certification 38 | * eCTHP 39 | 40 | 41 | # Job Salary 42 | 43 | 44 | ## Asia 45 | $39K <= $59K <= $85K 46 | 47 | 48 | ## Africa 49 | $25K <= $32K <= $43K 50 | 51 | 52 | ## North America 53 | $45K <= $69K <= $102K 54 | 55 | 56 | ## South America 57 | $35K <= $54K <= $79K 58 | 59 | 60 | ## Europe 61 | £36,624 <= £41,999 <= £63,499 62 | 63 | 64 | ## Oceania 65 | AU$78K <= AU$85,990 <= AU$99K 66 | 67 | 68 | # Interview Questions 69 | * https://resources.infosecinstitute.com/top-31-threat-hunting-interview-questions-and-answers-for-2019/ 70 | 71 | 72 | # Training Resources 73 | * 74 | 75 | 76 | 77 | -------------------------------------------------------------------------------- /Web_Penetration_Tester.md: -------------------------------------------------------------------------------- 1 | # Summary 2 | A penetration test, colloquially known as a pen test, pentest or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system. Not to be confused with a vulnerability assessment. 3 | 4 | # Baseline 5 | 6 | * 7 | 8 | # Hard Skills 9 | * Understanding of web application development and technologies. 10 | * Familiarity with industry standard classification schemes such as CVE, CVSS, CWE, CAPEC. 11 | * Familiarity with the systems / technologies used to host web applications.
12 | * Familiarity with commercial and open source vulnerability / penetration testing tools. 13 | * Experience developing custom code and scripts. 14 | * Familiarity with IP network architecture technology and protocols, Windows and Linux operating systems, routing, web technologies and protocols, common programming and scripting languages, SQL databases and queries, and OWASP. 15 | 16 | 17 | # Soft Skills 18 | * Excellent presentation and communications skills to effectively communicate with management and customers. 19 | * Ability to clearly articulate complex concepts (both written and verbally). 20 | * Ability, understanding, and usage of active listening skills (especially with customers!). 21 | 22 | 23 | # Education 24 | * Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering or equivalent experience 25 | 26 | 27 | # Certification 28 | * eWPT 29 | * SEC542 30 | * EWPTX 31 | * SEC642 32 | 33 | 34 | 35 | # Job Salary 36 | 37 | 38 | ## Asia 39 | $58K <= $76K <= $85K 40 | 41 | 42 | ## Africa 43 | $30K <= $43K <= $61K 44 | 45 | 46 | ## North America 47 | $65K <= $81K <= $111K 48 | 49 | 50 | ## South America 51 | $56K <= $70K <= $78K 52 | 53 | 54 | ## Europe 55 | £31,624 <= £60,999 <= £98,499 56 | 57 | 58 | ## Oceania 59 | AU$60K <= AU$69,990 <= AU$75K 60 | 61 | 62 | # Interview Questions 63 | * https://www.synopsys.com/blogs/software-security/web-appsec-interview-questions/ 64 | * https://medium.com/@techcluesblog/penetration-testing-interview-questions-22842d4d668f 65 | 66 | 67 | # Training Resources 68 | * https://start.me/p/PwmnBd/web 69 | 70 | 71 | 72 | -------------------------------------------------------------------------------- /allv1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rezaduty/cybersecurity-career-path/64cb60fb70a0da29e0cb22b5664bf2c504575128/allv1.png --------------------------------------------------------------------------------