Penetration Tester (Application focused)

Location: Remote, United States
Date Posted: 10-17-2018
 
Position: Penetration Tester – Application Testing Focus

Job Description: A highly collaborative, fast-paced, and agile position responsible for providing offensive security services to clients across the following industries: chemical, law firms, technology & communications, financial services, manufacturing, transportation, health & life sciences, oil & gas, and utilities. Our penetration testing services span enterprise penetration testing, web application testing, social engineering, advanced threat emulation, cross-functional cyber analysis, and intelligence and architecture.
In this position the candidate will have the opportunity to lead and perform testing engagements for critical infrastructure companies and some of the world’s largest organizations. 
Required Qualifications:
  • Prior experience performing penetration testing on enterprise networks, web applications, mobile applications, etc.
  • Familiarity with Incident Response, Threat Monitoring, and Cyber Threat Intelligence functions, and a functional knowledge of how to fuse threat intelligence into attack methodologies.
  • Previous experience designing pragmatic remediation guidance for discovered vulnerabilities.
  • Previous experience leading technical projects and ensuring documented requirements are delivered with excellence.
  • Previous experience with gathering and developing actionable intelligence resulting from open-source intelligence repositories.
  • Previous experience testing authentication services such as Microsoft Active Directory, LDAP, Okta Identity Management, etc.
  • Previous experience testing in cloud-hosted environments such as AWS and Microsoft Azure.
  • Knowledge of industry recognized attack frameworks (ATT&CK, Kill Chain, etc.) and security control guidance (NIST, ISO, etc.).
  • Strong experience across all modern Microsoft Windows operating systems.
  • Experience with tools and platforms including: Burp Suite, Metasploit, Canvas, Cobalt Strike, Kali, BackBox, SET, etc.
  • Bachelor’s Degree in an IT related field or equivalent relevant work experience.
Desired Qualifications:
  • Relevant certifications (GWAPT, OSCP, OSCE, GPEN, etc.).
  • Familiarity with scripting languages such as Bash, Python, Perl, PowerShell, etc.
  • Previous experience developing web applications in relevant languages (Java, JavaScript, .NET, PHP, C++, Ruby).
  • Previous experience configuring APIs and web services (SOAP, REST, WSDL, XML/SPML, JSON).
  • Previous experience performing other types of testing such as IoT/ICS device testing.
  • Previous experience testing applications hosted in containerized and cloud services environments.
  • Previous experience working with and providing consulting services related to the Security Development Lifecycle (SDL) and DevSecOps.
  • Previous experience providing consulting services to Global 1000 customers.
  • Previous experience designing, organizing, and executing penetration tests and vulnerability assessments.
  • Strong communication (both oral and written) and client intimacy skills with experience briefing corporate executives and professionals.
  • Experience working across organizational lines of business to implement mitigations, remediations, and countermeasures resulting from penetration testing discoveries.
  • Previous experience working within Operational Technology (OT) Networks to include Integrated Controls Systems (ICS), SCADA, and Process Control Networks (PCN). 
  • Previous experience developing proposals, statements of work, and general content to support business capture.
  • Master’s Degree in an IT related field.
Position Type: Salaried / Exempt.  Position level and compensation commensurate with candidate’s knowledge and professional experience. 
Primary Location: Remote/Virtual within Continental US 
Travel Requirement: Up to 50% 