Penetration Tester, Associate Vice President

About The Position

Requirements

• Bachelor's Degree in Computer Science or related fields; applicable specialized training; or equivalent work experience - equally preferable
• 5+ years of experience with testing frameworks and tools such as Burp Suite, Metasploit, Cobalt Strike, Kali Linux, Nessus, PowerShell Empire, AutoSploit, Ghidra, IDAPro, OllyDbg, Fiddler
• 3+ years of experience in scripting languages such as Python, PowerShell, Bash, and Ruby
• 5+ years of experience in application and infrastructure penetration testing, including experience using automated tools and manual testing techniques
• Possessing one or more of these certifications are highly desirable: OSEP, OSWE, CWEE, CAPE
• In-depth understanding with two or more of the following technology areas: Network infrastructure (Routers, switches...), Security products and services (FW, IDS, IPS, AV...), Active Directory, servers, services, desktops and mobile devices, Operating System (Windows, Unix/Linux/AIX), Databases (MySQL, SQL, DB2...), Cloud and container technologies like AWS, Azure, Oracle and Kubernetes
• In-depth knowledge in one or more of these programming languages: Java, C#, C, C++, Assembly
• In-depth understanding of penetration-testing methodologies and security concepts such as OWASP Top 10, SANS 25, OSSTMM, Mitre ATT&CK
• In-depth knowledge in one or more of these areas: Post exploitation, exploitation development, or binary reverse engineering
• Excellent communication and report-writing skills

Responsibilities

• Act as a subject matter expert in offensive information security performing penetration testing and vulnerability research of complex proprietary software and hardware
• Drive remediation by outlining a defense-in-depth approach to business stakeholders and providing strategic solutions to developers on effective security controls and counter measures
• Have strong technical writing and presentation skills to report and articulate the vulnerability assessment results to any audience
• Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement and automation
• Collaborate with leaders and stakeholders on client kick-off and discovery sessions to answer questions from prospects and clients
• Create custom tool(s) and/or modify existing tool(s) to aid with vulnerability detection automation process
• Communicate and work closely with application managers and lead developers across business lines on security finding(s) to ensure their understanding of associated risks and actions needed to remediate those risks
• Continually research on new exploitation/attack techniques against technology stack(s) currently being used at the organization
• Maintain familiarity with industry trends and security best practices
• Provide technical training to junior and mid-tier team members

Benefits

• Comprehensive health and wellness benefits
• Retirement plans
• Educational assistance and training programs
• Income replacement for qualified employees with disabilities
• Paid maternity and parental bonding leave
• Paid vacation, sick days, and holidays