Exploits information security vulnerabilities and security misconfigurations to achieve the highest level of security access possible.
Records high level details of the penetration testing process from note taking during procedure to consolidated deliverable reporting.
Assesses and calculates risk based on vulnerabilities and exposure discovered during testing.
Performs validation testing of security vulnerabilities that have been remediated and provide evidence for correction and closure.
Develops and maintains penetration testing procedures and methodologies for departmental use.
Collaborates with cybersecurity teams to maintain the company’s information security policies and procedures.
Researches and experiments with new threat vectors and develops Proof of Concept code and attacks.
Develops new tools to achieve exploitation that reveals security weaknesses.
Debriefs technical and non-technical audiences on the threat assessment reports that outline penetration test findings.
Other related duties assigned as needed.
What you bring:
Strong understanding of various web technologies and testing methodologies
Demonstrates and ability to methodically analyze problems, identify solutions, and communicate to a non-technical audience
Excellent communication skills including the ability to render concise reports, summaries, and formal presentations
Must have experience and be very proficient with the common tools associated with penetration testing (Metasploit, Burp Suite, Cobalt Strike, etc.)
Sound knowledge of OWASP Top 10 and other security standards
Demonstrate knowledge of tactics, techniques, and procedures associated with malicious insider activity, organized crime/fraud groups and both state and non-state sponsored threat actors.
Must be able to both work independently as well as effectively work in teams with individuals with a variety of skills and backgrounds.
Expertise in at least one related functional area: Network Security, Reverse Engineering, Programming, Databases, Mainframes, Web Applications, etc.
Must have one or more of the following:
Applications/System development experience
Linux and Windows in-depth proficiency
Familiarity with XML, SOAP, and AJAX
Proficient with programming/scripting languages
EDUCATION REQUIREMENTS
Bachelor’s degree in Computer Science, Cyber Security, or the equivalent, and/or 5 years’ experience in the information security industry.
One or more relevant professional certifications such as (OSCP) Offensive Security Certified Professional, (GPEN) GIAC Penetration Tester, (OSWE) Offensive Security Web Expert, (GWAPT) GIAC Web Application Penetration Tester.
--
You must verify your mobile number to apply to this job.