Perform formal hands-on penetration tests and vulnerability assessment of complex applications, operating systems, wired and wireless networks, and mobile applications/devices
Design, create and maintain new penetration tools and security testing plans
Develop scripts and programs for automated penetration and other security testing on networks, systems, and applications
Draft project proposals that communicate to the client the details and scope of the project.
Probe for vulnerabilities in web applications, fat/thin client applications, and standard applications
Pinpoint methods that attackers could use to exploit weaknesses and logic flaws
Utilize understanding of attack signatures, tactics, techniques and procedures associated with advanced threats
Employ social engineering to uncover security holes (e.g. poor user security practices or password policies)
Incorporate business considerations (e.g. loss of earnings due to downtime, cost of engagement, etc.) into security strategies
Research, document, discuss and write security findings with management and IT teams and produce actionable, threat-based, reports on security testing results
Develop meaningful metrics to reflect the true posture of the environment allowing the organization to make educated decisions based on risk
Review and define requirements for information security solutions
Communicate security issues to a wide variety of internal and external "customers" to include technical teams, executives, risk groups, vendors and regulators
Foster and maintain relationships with key stakeholders and business partners
Provide feedback and verification as an organization fixes security issues
Act as a source of direction, training, and guidance for less experienced staff
Qualifications
Previous working experience as a Penetration Tester for 3 years
BA in Computer Information Systems, Management Information Systems or similar relevant field
Ethical Hacker Certification Preferred
In-depth knowledge of application development processes and at least one programming or scripting language (e.g., Java, Scala, C#, Ruby, Perl, Python, PowerShell)
Hands-on experience with testing frameworks such as the PTES and OWASP
Applicable knowledge of Windows client/server, Unix/Linux systems, Mac OS X, VMware/Xen, and cloud technologies such as AWS, Azure, or Google Cloud
Critical thinker and problem solver
Excellent organizational and time management skills
Excellent communication and report writing skills
Must be self-starter, eager to take the initiative
Have an understanding of, and experience in, evaluating nation-state, hacktivists, and cybercriminal capabilities and activity.