Cybersecurity Pentester

About The Position

Requirements

• Bachelor's degree in computer science, MIS, or related field or equivalent experience.
• 1-3 years’ experience in information security in various security disciplines.
• Solid understanding of OWASP and other software security best practices.
• Strong technical ability in both manual and automated approaches to penetration testing.
• Knowledge of threat modeling methodologies.
• Knowledge of social engineering techniques and methodologies.
• Detailed knowledge and experience with exploiting vulnerabilities in a corporate (enterprise) environment.
• Experience with assessment tools, such as scanners, administrative utilities, local proxies, debuggers, fuzzers, etc.
• Excellent problem solving, planning and interpersonal skills.
• Ability to interpret internal and external business challenges and recommend best practices.
• Skilled experience with major operating systems, such as Windows, UNIX, Linux OS including administration and security.
• Intermediate experience with multiple penetration tools, such as: Burp, OWASP ZAP, NMAP, OpenVAS, OpenSSL, Cobalt Strike, SQLmap, Pupy, Mimikatz, Metasploit, etc.
• Intermediate experience with programming languages, shell scripting to automate tasks, such as C++, Perl, and Python or Ruby.
• Knowledge of attack method types and their usage in targeted attacks, such as malware, vulnerabilities, application vulnerabilities, lateral movement, etc.
• Experience creating reports with detailed penetration test findings, descriptions, reproduction steps, and mitigation recommendations.
• Experience in reconnaissance (network & system), weaponization, exploitation, and lateral movement (post exploitation activities), Wi-Fi, malware, packet analysis, reverse engineering.
• Ability to prioritize and re-prioritize tasks in a rapidly changing environment.
• Strong written and verbal communication skills and a solid understanding of IT Security concepts to include security operations.
• Knowledge of network protocols, data flows and vulnerabilities.
• Knowledge of PCI and other industry compliance standards.

Nice To Haves

• Certifications: OSCP, CRTO, CRTP, OSEP, GXPN, or similar certifications are a plus.

Responsibilities

• Performs internal penetration testing and external red teaming of networks, systems, and applications within agreed scope and rules of engagement.
• Runs Web application vulnerability software to detect security issues in web applications.
• Analyzes output of web application test scans to determine valid security issues.
• Conducts regular meetings with business unit stakeholders to assess remediation efforts from the findings of the pentest.
• Gathers security related information across multiple electronic, computer and development environments. Identifies, summarizes, reviews, and reports potential/actual actions that may jeopardize information security environments.
• Participates in information security audits to proactively minimize and eliminate information security vulnerabilities.
• Uses penetration testing methodologies to validate the remediation of vulnerabilities and misconfiguration issues.
• Reviews Application Code reports on vulnerabilities.
• Performs extensive internal network reconnaissance with the correlation of data from SIEM, scanning applications, network monitoring devices, host applications, etc.
• Performs Web application testing focused on http/https vulnerabilities, TLS, application level like XSS, SQL, cross site scripting.
• Perform other duties as assigned
• Understand and adhere to all corporate policies to include but not limited to the ACI Code of Business Conduct and Ethics.
• Understands and complies with Risk Management program requirements including identification of risks, key controls, and control testing as applicable to their responsibilities.

Benefits

• opportunities for growth
• career development
• competitive compensation and benefits package