Penetration Tester – Application Testing Focus
Job Description:
Highly collaborative, fast-paced, and agile, responsible for providing offensive security services to clients across the following industries: chemical, law firms, technology & communications, financial services, manufacturing, transportation, health & life sciences, oil & gas, and utilities. Our penetration testing services span enterprise penetration testing, web application testing, social engineering, advanced threat emulation, cross-functional cyber analysis, and intelligence and architecture.
In this position the candidate will have the opportunity to lead and perform testing engagements for critical infrastructure companies and some of the world’s largest organizations.
- Prior experience performing penetration testing on enterprise networks, web applications, mobile applications, etc.
- Familiarity with Incident Response, Threat Monitoring, and Cyber Threat Intelligence functions, and a functional knowledge of how to fuse threat intelligence into attack methodologies.
- Previous experience designing pragmatic remediation guidance for discovered vulnerabilities.
- Previous experience leading technical projects and ensuring documented requirements are delivered with excellence.
- Previous experience with gathering and developing actionable intelligence resulting from open-source intelligence repositories.
- Previous experience testing authentication services such as Microsoft Active Directory, LDAP, Okta Identity Management, etc.
- Previous experience testing in cloud-hosted environments such as AWS and Microsoft Azure.
- Knowledge of industry recognized attack frameworks (ATT&CK, Kill Chain, etc.) and security control guidance (NIST, ISO, etc.).
- Strong experience across all modern Microsoft Windows operating systems.
- Experience with tools and platforms including: Burp Suite, Metasploit, Canvas, Cobalt Strike, Kali, Back Box, SET, etc.
- Bachelor’s Degree in an IT related field or equivalent relevant work experience.
- Relevant certifications (GWAPT, OSCP, OSCE, GPEN, etc.).
- Familiarity with scripting languages such as Bash, Python, Perl, PowerShell, etc.
- Previous experience configuring APIs and web services (SOAP, REST, WSDL, XML/SPML, JSON).
- Previous experience performing other types of testing such as IoT/ICS device testing.
- Previous experience testing applications hosted in containerized and cloud services environments.
- Previous experience working with and providing consulting services related to the Security Development Lifecycle (SDL) and DevSecOps.
- Previous experience providing consulting services to Global 1000 customers.
- Previous experience designing, organizing, and executing penetration tests and vulnerability assessments.
- Strong communication (both oral and written) and client intimacy skills with experience briefing corporate executives and professionals.
- Experience working across organizational lines of business to implement mitigations, remediations, and countermeasures resulting from penetration testing discoveries.
- Previous experience working within Operational Technology (OT) Networks to include Integrated Controls Systems (ICS), SCADA, and Process Control Networks (PCN).
- Previous experience developing proposals, statements of work, and general content to support business capture.
- Master’s Degree in an IT related field.
Salaried / Exempt. Position level and compensation commensurate with candidate’s knowledge and professional experience.
Remote/Virtual within Continental US
Up to 50%