Job Description & Summary
We are looking for passionate and experienced individuals who are immersed in the offensive side of the information security industry. The ideal candidate will be self-motivated, have an eagerness and aptitude to learn in the challenging environment.
Penetration Tester
Responsibilities:
-
Identify and exploit vulnerabilities in commercial, open source, and custom software applications and underlying cloud infrastructure
-
Manage vulnerability and exploit data in large scale tests using collaboration tools across a global team
-
Knowledge of existing, emerging threats, web security principles and attack vectors
-
Ability to author detailed and articulate penetration test reports, including prescriptive recommendations for remediation options according to NIS standards.
-
Deliver technical debriefs to engineers and developers during report discussion meetings as required
-
Maintain testing tools, hardware, and equipment, creating new tools where appropriate
-
Provide guidance to application development groups on application security best practices
-
Support application security assessment result review and mitigation approval
-
Support remediation effort and track open issues and follow up to ensure remediation
-
Demonstration of continuous professional learning the latest and most advanced security testing techniques, development tools and frameworks
Qualifications:
Required Qualifications:
-
Passion for penetration testing
-
4-5 years Penetration Testing Experience
-
One minimum certification from desirable penetration certifications (e.g. Security+, CEH (including practical), ECSA(including practical), LPT(including practical))
-
Demonstrable experience identifying and exploiting vulnerabilities in commercial, open source, and custom software products
-
Automation experience
-
Python, Bash programming
-
Demonstrate capability of manually executing OWASP based of attacks
-
Demonstrable experience conducting post-exploitation lateral movements activities is required
-
Strong knowledge of common networking configurations, load balancing, firewalls, and security controls
-
Strong knowledge of authentication and SSO technologies
-
Strong Expertise with Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), and National Institute of Standards and Technology (NIST) Special Publications
-
Strong knowledge of applied cryptography and common implementation flaws
-
Strong Knowledge of virtualized infrastructures is preferred
Preferred Qualifications:
-
One minimum certification from desirable penetration certifications (e.g. OSCP, OSWE, GPEN, GWAPT, GXPN, CREST CRT/CCT [certified web/infrastructure tester])
-
Demonstrable experience identifying and exploiting vulnerabilities APIs (JSON/REST/SOAP/XML/AJAX)
-
Demonstrable experience identifying and exploiting vulnerabilities in mobile applications (iOS, Android) is highly preferred
-
Demonstrable strong experience with penetration testing tools (e.g. Metasploit, Burp Suite, Appspider etc.)
-
Ability to write a code in python and ruby is highly preferred
-
Ability to understand Java, C#, JavaScript Frameworks such as C#, .Net, Python, node.js, jQuery, Bootstrap, Django, JavaScript, mobile app development, Go, and other common languages is a plus
-
Ability to build automation to eliminate recurring work
-
Demonstrable experience conducting code reviews is optional
-
Excellent written communication skills are plus
-
Excellent knowledge of common operating systems is required, knowledge of less popular and legacy operating systems is a plus