Penetration Tester

About The Position

Requirements

• Ideally, 3+ years of hands-on experience in penetration testing web, thick-client and mobile applications
• Strong hands-on experience with Active Directory exploitation and post-exploitation techniques
• Solid knowledge of network protocols, Windows and Linux internals, DNS, SMB, LDAP, and Kerberos
• Experience with OS hardening assessment tools and frameworks (e.g., CIS Benchmarks, Lynis, Microsoft Security Baselines)
• Track record of explaining technical issues to application teams and assisting them in resolving issues
• Confident communicator that can explain technology to non-technical audiences
• Ability to properly document vulnerabilities and to produce penetration test report

Nice To Haves

• Ideally certifications in cyber security area, such as OSWE, OSCP, CompTIA Security+, Burp Suite Certified Practitioner

Responsibilities

• Perform penetration testing against critical infrastructure (e.g. Active Directory, LDAP, DNS)
• Assess operating system hardening (Windows/Linux/Unix), identifying misconfigurations, privilege escalation paths, and missing baseline controls
• Perform penetration testing against web, thick-client and mobile applications
• Identify and report vulnerabilities using common methodologies & communicate with application teams on how to remediate certain vulnerabilities
• Participate in process improvements and automation
• Perform technical QAs, including false-positive analysis and risk rating reviews