Penetration Tester

American International   •  

Fort Worth, TX

Industry: Accounting, Finance & Insurance

  •  

Not Specified years

Posted 121 days ago

The Security Analyst/Penetration Tester will be an integral part of our team and will be reporting to the Manager of Penetration Testing. He/she will be someone who would,  -

Conduct Manual Penetration Test on a wide range of IT products, including Web Applications, Web Services, Mobile Applications, Thick Clients and Infrastructure Interfaces including AWS services

 - Conduct Red Team activities against People, Process and Physical assets

 - Assess the effectiveness of security tools used to defend attacks by our organization  - Perform thorough scoping and planning before conducting penetration tests

 - Manually generate proof of concepts for security vulnerabilities, prioritize the risk, present the results to the stake holders and provide detailed remediation guidance

 - Create threat models to go beyond scanning to exploit the vulnerability  

- Clearly documents the scope of work, attack scenarios, findings and evidence in the report  

- Keep up to date with the application security trends including information security news, application security services, tools, latest breaches, patch updates, etc.

 - Generate periodic metrics for the senior management and for auditors as needed

Job Requirements:     

- 5 years of information security and/or penetration testing work experiencepreferred  - An in-depth understanding of OWASP Top 10 is required  

- Have experience in Ethical Hacking - red-teaming, penetrating systems, writing reports on findings, collaborating with owners to update systems, etc.

 - Extensive experience in manually identifying security vulnerabilities and in generating Proof Of Concepts  

- Experience in describing security concepts to personnel of both technical and non-technical backgrounds

 - Strong understanding of application frameworks and technologies including Software Development Life Cycle methodologies  

- Strong understanding of information security concepts  

- Professional demeanor is a must  

- Excellent verbal and written communication skills required

 - Problem solving and influencing

- Bachelor’s Degree (or equivalent work experience) preferred  

- Information security certifications CEH, CPT, GSEC, GWAPT, GPEN, CISSP, OSCP, SANS certification, etc. are preferred  

- Strong scripting skills desirable

JR1700560