Sign up for our
weekly
newsletter
of fresh jobs
This posting has been extended beyond the initial anticipated closing date.
JOB SCOPE
Responsible for conducting penetration testing of information systems, networks, applications, and databases for vulnerabilities and risks within technology environments. Provides simulated cyberattacks and security assessments, under general direction, to probe existing security measures for potential weaknesses and check for exploitable vulnerabilities. Maintains deep knowledge of vulnerabilities and exploits to discern how they affect different systems and network protocols and their communication with each other. Works closely with engineering and technical operations staff to plan, discover, test, and report on penetration testing engagements and identified findings.DUTIES AND RESPONSIBILITIES• Perform web application penetration testing, network penetration testing, mobile application penetration testing, and source code reviews.• Basic understanding of a software development lifecycle, scripting languages, and public and private cloud environments.• Lead penetration testing engagements including scoping, testing, reporting, and debriefing findings to business stakeholders.• Demonstrate expertise with applications, operating systems, firmware, etc., with regards to vulnerabilities and appropriate remediation activities to eliminate risk to the business.• Able to work with applications, platforms, and business owners to identify scope and outline requirements for testing engagements.• Document and create reports outlining the findings identified as part of an engagement and communicate to business stakeholders.• Proficiency in at least one programming language (e.g., Bash, Python, PHP, Ruby) to support development of testing scripts and tools.• Review information security trends and leverage new sources for emerging threats and vulnerabilities.• Ensure compliance with security standards, policies, and procedures.• Adhere to industry–specific local, state, and federal regulations, as applicable.BASIC / MINIMUM QUALIFICATIONS• Bachelor's degree in computer science or information systems or related field or equivalent experience.• Minimum of four (4) years of IT/network operations/support.• At least four (4) years of information security operations.ADDITIONAL JOB QUALIFICATIONS• Strong knowledge of Microsoft Office tools, especially Excel, Word, Visio, and PowerPoint with the ability to document, prepare, and present data–driven summaries.• Contribute to the development of the penetration testing methodologies, testing capabilities and practices, and engagement deliverables within the security operations team.• Experience with open–source security testing standards and projects, such as OWASP, OSSTMM, NIST 800–115, and/or PTES.• Strong knowledge of network and application testing technologies and tools, such as Burp Suite, OWASP ZAP, Metasploit, Kali Linux Suite, Postman, and others.• Working knowledge of TCP/IP and advanced host and network security administrative and technical controls.• Demonstrated capabilities with the ability to work across functional boundaries, build consensus and drive results.• Strong written and verbal communication skills and good presentation skills.• Must be a problem solver, able to balance competing priorities, have a strong process orientation and be able to manage through complexity and rapid change.PREFERRED QUALIFICATIONS• Experience in a security operations support role performing penetration testing or similar.• Experience with penetration testing tools such as Burp Suite, Kali Linux Suite, OWASP Zap.• Current security certifications, such as CompTIA Security+, CISSP, CEH, and SANS GIAC.