Job Description & Summary

We are looking for passionate and experienced individuals who are immersed in the offensive side of the information security industry. The ideal candidate will be self-motivated, have an eagerness and aptitude to learn in the challenging environment.

Penetration Tester

Responsibilities:

• Identify and exploit vulnerabilities in commercial, open source, and custom software applications and underlying cloud infrastructure

• Manage vulnerability and exploit data in large scale tests using collaboration tools across a global team

• Knowledge of existing, emerging threats, web security principles and attack vectors

• Ability to author detailed and articulate penetration test reports, including prescriptive recommendations for remediation options according to NIS standards.

• Deliver technical debriefs to engineers and developers during report discussion meetings as required

• Maintain testing tools, hardware, and equipment, creating new tools where appropriate

• Provide guidance to application development groups on application security best practices

• Support application security assessment result review and mitigation approval

• Support remediation effort and track open issues and follow up to ensure remediation

• Demonstration of continuous professional learning the latest and most advanced security testing techniques, development tools and frameworks

Qualifications:

Required Qualifications: 

• Passion for penetration testing

• 4-5 years Penetration Testing Experience

• One minimum certification from desirable penetration certifications (e.g. Security+, CEH (including practical), ECSA(including practical), LPT(including practical))

• Demonstrable experience identifying and exploiting vulnerabilities in commercial, open source, and custom software products

• Automation experience

• Python, Bash programming

• Demonstrate capability of manually executing OWASP based of attacks

• Demonstrable experience conducting post-exploitation lateral movements activities is required

• Strong knowledge of common networking configurations, load balancing, firewalls, and security controls

• Strong knowledge of authentication and SSO technologies

• Strong Expertise with Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), and National Institute of Standards and Technology (NIST) Special Publications

• Strong knowledge of applied cryptography and common implementation flaws

• Strong Knowledge of virtualized infrastructures is preferred

Preferred Qualifications:

• One minimum certification from desirable penetration certifications (e.g. OSCP, OSWE, GPEN, GWAPT, GXPN,  CREST CRT/CCT [certified web/infrastructure tester])

• Demonstrable experience identifying and exploiting vulnerabilities APIs (JSON/REST/SOAP/XML/AJAX)

• Demonstrable experience identifying and exploiting vulnerabilities in mobile applications (iOS, Android) is highly preferred

• Demonstrable strong experience with penetration testing tools (e.g. Metasploit, Burp Suite, Appspider etc.)

• Ability to write a code in python and ruby is highly preferred

• Ability to understand Java, C#, JavaScript Frameworks such as C#, .Net, Python, node.js, jQuery, Bootstrap, Django, JavaScript, mobile app development, Go, and other common languages is a plus

• Ability to build automation to eliminate recurring work

• Demonstrable experience conducting code reviews is optional

• Excellent written communication skills are plus

• Excellent knowledge of common operating systems is required, knowledge of less popular and legacy operating systems is a plus