MID Level Penetration Tester

Job Description

<p>Our company is searching for experienced candidates for the position of penetration tester a s part of the Cyber Assessments team , provide cybersecurity scanning and testing services, threat intelligence integration to provide cybersecurity customers with findings and information that informs the risk management and decision-making . We appreciate you taking the time to review the list of qualifications and to apply for the position. If you don’t fill all of the qualifications, you may still be considered depending on your level of experience.</p><p><br></p><p>Responsibilities for penetration tester</p><ul><li>Support the analysis, development, evaluation, and production of all IC IA cyber security compliance and performance reports</li><li>Responsibility for delivering high end technical testing on complex and sensitive assignments</li><li>Actively undertaking research and other activity to enhance the company’s IPR and industry standing</li><li>To work consistently to the highest standards possible</li><li>To take responsibility for personal development, learning and performance levels</li><li>In addition to the duties and responsibilities listed, the job-holder is required to perform other duties assigned by the</li><li>Collaborate with the Engineering and Operations team to review code and identify possible security risks</li><li>Develop and execute a penetration testing plan for each new release</li><li>Provide coding/technical recommendations and remedies</li><li>Spend hours trying to break our app (aka – penetration testing)</li></ul><p><br></p><p>Qualifications for penetration tester</p><ul><li>Demonstrates general knowledge of concepts such as OWASP Top 10, vulnerability scanning, and penetration testing methodologies (OWASP, PTES, OSINT).</li><li>Conducts and assists with automated and manual security testing of applications, infrastructure, and public cloud platforms to identify and validate vulnerabilities.</li><li>Retests previously discovered vulnerabilities to confirm successful remediation.</li><li>Develops and maintains documentation such as procedures, assets, communication, etc.</li><li>Performs quality assurance of penetration testing and vulnerability scan artifacts.</li><li>Contribute to the enhancement of the penetration testing program.</li><li>Provides technical evaluation and analysis. Supports activities, process, and tools needed to improve overall security posture of the organization.</li><li>Applies security concepts, reviews information, executes defined tasks, analyzes requirements, reviews logs, and creates documentation.</li><li>Knowledge of host identification and exploitation of vulnerabilities</li><li>Knowledge of phishing procedures</li><li>Knowledge of script writing and crafting of payloads</li><li>Knowledge of database operations and system/network administration</li><li>In-depth knowledge and understanding of operation of assessment tools (including but not limited to Metasploit, Nmap, Burp Suite, Powersploit, and Cobalt Strike)</li><li>Ability to operate in a critical fashion in dynamic environments</li><li>Knowledge of FISMA and NIST 800 series standards</li><li>In-depth knowledge of network mapping, vulnerability scanning, penetration testing, Mobile and Web Application testing</li><li>In-depth knowledge of the procedures of Phishing Assessments, Wireless Assessments, Operating System Security Assessments, and Database Assessments</li><li>3+ years operational experience</li><li>At least&nbsp;two&nbsp;certificate of the following: OSCP, OSEP, OSWE, GPEN, GXPN, or equivalent&nbsp;</li></ul>