This position within the Penetration Testing team is responsible for leading efforts to find and document security vulnerabilities through approved penetration testing, for the purpose of securing Early Warning systems, infrastructure, networks, and applications.
- Leads internal and external security assessments and penetration tests, including mobile, web applications, web services, wireless and network penetration tests.
- Leads penetration tests against systems of extreme complexity and writes reports documenting findings, including all vulnerabilities, potential issues, and strengths found during the test.
- Trains and supports junior penetration testing staff
- Responsible for writing and reviewing formal penetration test reports documenting the details of a penetration test and all vulnerabilities, potential issues, and strengths found during the test.
- Owns remediation of vulnerabilities and potential issues found during penetration tests.
- Performs expert assessments and works with Security Architects and Security Engineers to identify complex vulnerabilities and own remediation.
- Efficiently owns, performs and delivers security assessment reports and penetration tests, and oversees the remediation of all findings and recommendations
- Performs static source code vulnerability analysis reports for Early Warning developed applications as directed.
- Drives discovery of new vulnerability exploitation techniques, and leads training for team members.
- Performs expert threat modeling to identify all possible attack vectors
- Supports the company's commitment to protect the integrity and confidentiality of systems and data.
- Successful completion of education or experience equivalent to a Bachelor’s degree in Computer Science, Computer Information Systems, Information Security, Engineering, Math or Physical Science, or related field.
- Minimum of two years mobile application penetration testing experience
- Advanced knowledge of mobile application testing techniques, software, protocols and the ability to bypass common mobile application security controls
- Expert level understanding of offensive and defensive security, including offensive evasion and defensive detection techniques.
- Minimum of 4 years of general security penetration test experience and at least 3 years of general IT or information security experience.
- Expert knowledge of TCP/IP, networking, web applications, databases, mobile, and cloud applications
- Expert knowledge of penetration test and assessment procedures, as well as expert knowledge of remediation best practices
- Proficiency with common scripting language(s) such as Python, Ruby, Bash, or Perl
- Expert in using, configuring, troubleshooting, and administering Kali Linux, Mac OSX, and Windows OS
- Expert knowledge of the Kali Linux suite of penetration test tools.
- Develops new and custom techniques for various types of security assessments and penetration tests
- Expert knowledge of Open Web Application Security Project (OWASP) Top 10 vulnerabilities, testing procedures, and remediation recommendations
- Current with one or more of the following certifications: OSCP, eCRE, eNDP, eWDP or eWAPT Certification or equivalent
- Contribution of intellectual property to your current or previous employer to support the automation and repeatability of the penetration testing practice
- Proven ability to research, recommend, and document repeatable defense solutions
- Background and drug screen
- Application Development background
- Social Engineering experience
- Delivery of talks or research to regional or national conferences, or background in developing and delivering professional security training
- Proven ethical disclosure of zero-day vulnerabilities, either as a bug bounty hunter or as an internal pen-tester.
- Additional related education and/or experience preferred
The above job description is not intended to be an all-inclusive list of duties and standards of the position. Incumbents will follow instructions and perform other related duties as assigned by their supervisor.
Working conditions consist of a normal office environment. Work is primarily sedentary and requires extensive use of a computer and involves sitting for periods of approximately four hours. Work may require occasional standing, walking, kneeling, and reaching. Must be able to lift 10 pounds occasionally and/or negligible amount of force frequently. Requires visual acuity and dexterity to view, prepare, and manipulate documents and office equipment including personal computers. Requires the ability to communicate with internal and/or external customers.
Employee must be able to perform essential functions and physical requirements of position with or without reasonable accommodation.