Our client’s product security group is currently being established to support the success of all digital products across the portfolio. This is an opportunity to join in the establishment of an organization and to be a part of defining and designing a leading-edge product security practice.
The Sr. Penetration Tester will be an integral part of assessing the security posture of deployed products, from websites & APIs to devices and mobile applications.
What you’ll do:
- Build out testing lab with isolated network, servers, tools, and technologies
- Conduct device and application penetration testing, vulnerability scans, and code reviews
- Conduct security assessments on a wide variety of technologies and implementations
- Automate recurring tests for incremental versions and common technologies
- Simulate sophisticated cyberattacks to identify vulnerabilities for products
- Stay abreast of new tools and techniques in software/device security and champion introduction of new approaches
- Work with product teams to interpret results and develop remediation strategies
- Assess and report on the security posture of products
- Advise product engineering teams on security principles and architectures
- Assist in evaluating potential security tools, devices, or methods
What you’ll bring:
- Experience performing hands-on web application, API, and/or mobile application penetration testing
- Experience performing assessments of industry IT operating systems, software, databases, or hardware
- Experience with basic scripting and task automation frameworks
- An understanding of vulnerability assessment and penetration testing methodologies
- Passion for securing technology in all its forms
- An understanding of networking protocols and operating systems
- Ability to quickly analyze, incorporate and apply new information and concepts
- Ability to work with diverse and global teams
- Self-motivation and the ability to work with little supervision, consistently taking the initiative to get things done
- A demonstrated ability to think beyond the results a tool is telling you and to identify and interrogate non-standard vulnerabilities
- A demonstrated ability to filter raw scan results into a consumable, actionable set of issues
- Ability to adapt with project changes as needed
- An aptitude for technical writing, including assessment reports, presentations and operating procedures
- Excellent written and verbal communication and organizational skills, coupled with a consultative approach and a professional manner, including a professional tone and timely responsiveness
What you’ll have:
- BS/MS in a Computing/Security-related field
- 6+ years of experience in the Security Testing field
- SANS, GPEN, GWAPT, GISF, GXPN, OSCP, OSCE, OSWP, OSEE, CISSP, or other relevant representation of knowledge
- Port, Protocol, and Service enumeration: Nmap, Masscan, Unicornscan
- Operating System vulnerability assessment: Tenable Nessus, Nexpose
- Web Application testing: Metasploit, Burp Suite, ZAP, Nikto, DirBuster, SQLMap, HP WebInspect, AppScan
- Penetration testing Linux distros: Backbox, Kali, Matriux Linux
- Working knowledge of NIST Special Publications 800-37, 800-53, and 800-118
- Familiarity with the Open Source Security Testing Methodology Manual (OSSTMM), the Open Web Application Security Project (OWASP), the Penetration Testing Execution Standard (PTES), and National Institute of Standards and Technology (NIST) Special Publications (including 800-37, 800-53, and 800-118)
- Knowledge of threat modeling methodologies
- Understanding of Cyber Kill Chain & Intelligence Defense