Job Title: Senior Penetration Tester
Pay Type: SALARIED EXEMPT
Location: Hybrid, Washington, DC
US Citizenship: Required
Summary of Position Role/Responsibilities
Essential Functions of the Job
- Plan, create, and execute advanced penetration methods, scripts, and tests for the team, with a focus on Web Applications
- Assess and test the security of internal networks and underlying application infrastructure.
- Conduct penetration testing and vulnerability assessments on Azure cloud infrastructure and applications
- Lead and mentor a team of penetration testers, providing guidance and sharing expertise
- Carry out remote and on-site testing of client networks and infrastructure to expose security weaknesses
- Simulate security breaches to assess a system's relative security
- Create detailed reports and recommendations based on findings, including uncovered security issues and associated risk levels
- Present findings, risk assessments, and conclusions to management and other relevant parties
- Maintain advanced knowledge of networking, cryptography, reverse engineering, web applications, operating systems, and databases
- Possess expertise in various scripting and programming languages, including Python, SQL, C/C++, JavaScript, PHP, Java, and Ruby
- Provide strong written and oral communication skills to effectively convey assessment results and potential weaknesses
- Assist with penetration testing intake and with coordinating the scheduling and delivery of reports/debriefs with client teams.
Marginal Functions of the Job
Normal Work Schedule
This is a full-time position. Standard business hours are Monday through Friday 8:00 AM to 5:3 PM. If your role falls within our Security Operations Center, you will be assigned a specific shift. As a result, your working schedule may require flexibility to cover any shift that falls within a 24/7 cycle. It may also change and rotate, including nights, weekends, and holidays.
Education, Training, and Experience
- Bachelor's degree in cyber security, computer science, IT or a related field and at least 10 years of experience in cybersecurity. Additional years of relevant experience may be considered in lieu of a Bachelor's degree.
- A minimum of 7 years of work experience directly related to Red Team assessments and penetration testing (intranet, internet, web, wireless, social engineering), with a focus on Web Application testing
- Must have an active OSCP+ certification in addition to one of the following:
  - CompTIA PenTest+
  - CEH
  - CompTIA CySA+
  - GCIH
  - GCFA
  - CISSP
- Expertise with scripting languages (e.g., Python, PowerShell, Java, Perl, etc.)
- A fundamental understanding of and experience with business/application logic vulnerabilities.
- Expertise with API-focused penetration testing.
- Proficiency with penetration testing tools (Kali Linux, Binwalk, BurpSuite, Wireshark, etc.)
- Experience acting as a Subject Matter Expert or team lead, providing guidance to others
- Proven track record of reviewing cybersecurity vulnerabilities for risk and relevance
- Experience in planning mitigations for systems vulnerabilities
- Exceptional communication skills; able to successfully communicate with management personnel, technical personnel, and third parties.
Nice To Have:
- Certification focused on Web Application penetration testing.
- Relevant security research.
- Accredited CVEs, research papers or contributions to the cyber security sphere.