Sign up for our
weekly
newsletter
of fresh jobs
Job Role: Senior Infrastructure Penetration Tester/ResearcherLocation: Fort Lauderdale, FL/RemoteDuration: 12 Months (Possible Extension/Conversion)Location Fort Lauderdale.For the right resource, Telecommuter is okok with lighter pen testing if strong scripting/coding and security tooling experience is deep (Python, Go, Bash, C++/C, Rust), we can train on the pentesting, The tooling development and strength in areas like containerization/CI-CD are key for the success of this role.Job DescriptionAbout Client:Client, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Client provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.As a bank with a brain and a soul, Client creates economic value that is systemically responsible and in our clients’ best interests. As a financial institution that touches every region of the world and every sector that shapes your daily life, our Enterprise Operations & Technology teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do from keeping the bank safe, managing global resources, and providing the technical tools our workers need to be successful to designing our digital architecture and ensuring our platforms provide a first-class customer experience. We reimagine client and partner experiences to deliver excellence through secure, reliable, and efficient services.Our commitment to diversity includes a workforce that represents the clients we serve from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. We’ll enable growth and progress together.The RoleThe Senior Infrastructure Penetration Tester/Researcher plays a vital role in Client's Vulnerability Assessments (VA) team and is responsible for providing VA services to all Client businesses and technology teams globally. The position will be identifying weaknesses and vulnerabilities within the Client infrastructure and is part of a larger, global team that collectively provide VA support to all of Client's business groups. Commercial and open source Vulnerability Assessment tools and utilities are leveraged during these assessments.Responsibilities• Provide Vulnerability Assessment/Penetration Testing services to Client businesses globally through a comprehensive testing process• Participate in special projects ranging from tooling and methodology development, advanced penetration testing as well as architecture reviews with sister teams to “shift-left“• Serve as an SME for Infrastructure Penetration Testing in with emerging tooling sets(Containerization, AI, CI/CD etc)• Participate in the enhancement of testing processes and methodologies• Participate in building custom tooling aligned with strategic initiatives• Validation of the overall security of critical infrastructure components and applications to ensure they comply with internal policies, security architecture best practices, and industry standards• Scan systems and applications, leverage initial results to build a subsequent attack methodology and execute effectively• Report Information Security vulnerabilities to businesses in an actionable mannerQualifications• 3-5 years' of relevant experience required in Offensive Security with a history of gradually expanding experience including network and overall infrastructure pentesting• Strong scripting/coding and security tooling experience(Python, Go, Bash, C++/C, Rust) ( willing to discuss if knowledge here is deep and “pentesting” is light ) @Roy, Rabin [TECH-FS] FYI• Reverse Engineering / Exploit Development• Strong hands-on experience with Vulnerability Assessment/Enumeration tools, e.g., Tenable Nessus, Qualys VM, OSS enumeration tools• Demonstrate hands on experience with penetration testing tools i.e. Kali suite, open-source tooling, Living Off The Land(OS), LOLBINS etc• Deep understanding of TCP/IP, Infrastructure stacks(i.e. 3 tier, segmented environments)• Demonstrable experience working effectively in Enterprise environments• Understanding of defensive security principles with an ability to demonstrate offensive opportunities• OS and Network Security Experience, e.g. Unix, Linux, Windows, Cisco, etc.• Understanding of common protocols, e.g. DNS, SMTP, SNMP, LDAP, Routing Protocols• Threat Mapping experience is a plus• Scripting (Bash, Python, etc.)• Design experience/understanding on infrastructure/systems (enterprise a big plus)• Exceptional interpersonal skills and a proven track record of working effectively with globally diverse teams• Ability to understand new and emerging technologies rapidly to keep up with an ever changing threat landscape• Ability to effectively document and explain exploits/vulnerabilities to technical and non-technical audiences including to senior leadership• Demonstrable proficiency in producing comprehensive penetration testing reports with actionable recommendationsEducation• Bachelor's Degree or equivalent work experience• OSCP, OSCE, GXPN, CREST preferred or similar demonstrable experienceThis job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.