Control Risks is a global risk consultancy specialising in helping organisations manage political, integrity and securityrisks in complex and hostile environments.We are a medium-sized, rapidly growing company. Since our inception in 1975, we have worked with more than 5,000 clients in over 135 countries worldwide. Our renowned expertise, the breadth of our services and the geographical reach of our organisation enables us to help our clients meet their challenges and realise new business opportunities across the world.Employer visionPeople should come to work with us because we provide real benefit tomany of the world’s leading organisations. In doing so we give our people direct responsibility, career development and the opportunity to work on some fascinating projects in a rewarding, diverse and enjoyable environment.Job titlePenetration TesterLocationWashington, DC(preferred) / Houston / New York / Los AngelesType of engagement Permanent, Full-timeDepartmentCrisis and Security ConsultingManagerPrincipal, Cyber SecurityJob purposeControl Risks is seeking a Penetration Tester to join our Cyber Security team within the Crisis and Security Consulting group. The Penetration Tester will be expected to workin a collaborative environment as part of a small team performing in-depth penetration testing for our clients.The Penetration Tester will be responsible to supportour clients in securingtheir data through an assessment of their vulnerabilitiesandwith deepunderstanding ofthe potential risksthese present for them. This will allow us to develop solutions and provide the necessary measurements based on our clients’ requirements.Penetration
Tasks and responsibilities Perform network penetration, web and mobile application testing, wireless network assessmentsDevelop scripts, tools, or methodologiesProvide consulting services in the discipline of vulnerability managementResponsible for delivery and post-delivery supportDevelop reports and presentations Effectively communicate findings and strategy to clientsRecognize and safely utilize attacker tools, tactics, and proceduresAssist with scoping prospective engagements, leading engagements from kick-offthrough remediation, and mentoring less experienced staffKnowledge and experience 5 –7 years of experienceExperience with network penetration testingStrong knowledge of tools used for wireless, web application, and networksecurity testingMobile and/or web application assessmentsEmail, phone, or physical social-engineering assessmentsExperience delivering penetration testing consulting engagementsRed team or ethical hacking experienceExperience with programming in one or more of the following: Python, Ruby, Bash, Perl, C, orC++, including scripting and editing existing codeExperience with security tools, including Burp Suite Pro, Nessus, Nmap, and MetasploitKnowledgeof Unix/Linux/Mac/Windows operating systems, including bash and PowershellDemonstrated experience inwriting technical reports and ability to communicate effectively
Qualifications and specialist skillsEssentialExcellent verbal and written communication skillsAbility to be flexible, proactive, and understand situations quicklyCandidate must have the ability to work independently and as part of a teamWilling to work in a rapidly changing and growing environmentCertifications such as CEH, OSCP, CISSP, CISM, OSCP, CREST, CRT or equivalent
PreferredBachelor’s degreeAbility to obtain a security clearanceCompetenciesAnalyticalInnovative and creativeResults orientedEmpathetic and Diplomatic Global awarenessFlexibleBehaviours All employees are expected to display behaviours reflective of our company values: Integrity and Ethics, Collaboration and Teamwork, Commitment to Peopleand Professionalism and Excellence.