Penetration Tester (REMOTE)

Trinity Health, Livonia, MI
Remote

About The Position

Trinity Health penetration testers perform security tests on networks, web-based applications, and computer systems. They design these tests and tools to try to break into security-protected applications and networks to probe for vulnerabilities. In this role, you'll be providing advanced knowledge, concepts, and analytical skills in the area of Information Security to direct and support the management and administration of information security services in one or more specific information security domains. A candidate will be expected to perform enterprise and system focused network and application penetration test engagements. They will communicate findings and strategy effectively to client stakeholders, including technical staff, executive leadership, and peers. They will apply security testing and penetration testing techniques and mindset to a wide range of projects. This role represents Enterprise Information Security on IT standards and review committees and acts as an advocate and resource on information security for various teams, areas and/or system-wide initiatives.

Requirements

  • Bachelor’s degree or an equivalent combination of education and experience
  • Minimum of two (2) to five (5) years of Penetration Testing, and/or progressive experience tied to IT security, operations, development with a focus on securing IT environments/infrastructure
  • In-depth knowledge and experience with penetration testing
  • Expected to test and analyze security functions for malware, design weaknesses, technical flaws, and system vulnerabilities
  • Experience in reconnaissance (network & system), exploitation, and lateral movement (post exploitation activities), Wi-Fi, malware, packet analysis, reverse engineering
  • Demonstrates proven extensive knowledge of application security, network segregation, access controls, IDS/IPS devices, cryptography, physical security, and information security risk management
  • Experience with tools such as Burp Suite, Kali Linux, Nmap, AttackForge, Jira, and Git
  • Demonstrates knowledge of Networking protocols, TCP/IP stack, systems architecture, and operating systems
  • Demonstrates knowledge of common programming and scripting languages, such as Python, PowerShell, Ruby, or Bash
  • Cybersecurity frameworks and methodologies from industry-leading practices such as NIST, FFIEC, and OWASP
  • Must be team oriented, supportive, and committed to excellence and possess high level of initiative and self-motivation with demonstrated work ethic
  • Must be committed to continual personal and professional growth, possess a pro-active approach with a willingness to “go the extra mile” every time for the customer
  • Must be comfortable operating in a collaborative, shared leadership environment
  • Must possess a personal presence that is characterized by a sense of honesty, integrity, and caring with the ability to inspire and motivate others

Nice To Haves

  • Advanced computer skills
  • Information security knowledge and experience
  • Scripting and Programming
  • Reporting and Writing
  • Problem Solving Skills
  • Burp Suite Certified Practitioner (BSCP)
  • Practical Network Penetration Tester (PNPT)
  • Offensive Security Certified Professional (OSCP)
  • Offensive Security Web Expert (OSWE)
  • eLearnSecurity Junior Penetration Tester (eJPT)
  • eLearnSecurity Certified Professional Penetration Tester (eCPPT)
  • Certified Penetration Tester (CWAPT)
  • GIAC Web Application Penetration Tester (GWAPT)
  • GIAC Penetration Tester (GPEN)
  • GXPN
  • OSCE
  • eCPTX

Responsibilities

  • Risk Assessments (Projects or Programs)
  • Data Loss Prevention
  • User Access Reviews
  • Regulatory Compliance; i.e. PCI
  • Security Reporting Tracking
  • Vulnerability Scanning & Mitigation
  • eDiscovery and Forensics
  • Incident Response Coordination
  • Communications and Awareness
  • Perform enterprise and system focused network and application penetration test engagements
  • Communicate findings and strategy effectively to client stakeholders, including technical staff, executive leadership, and peers
  • Apply security testing and penetration testing techniques and mindset to a wide range of projects
  • Represent Enterprise Information Security on IT standards and review committees
  • Acts as an advocate and resource on information security for various teams, areas and/or system-wide initiatives
  • Knows, understands, incorporates and demonstrates the Trinity Health Mission, Vision and Values in behaviors, practices and decisions
  • Develops, designs and operates one or more information security domains
  • Provides technical consultation and assistance in identifying, evaluating and documenting use of systems and other related services to ensure compliance with EIS policies
  • Independently perform web, mobile, and thick application penetration tests
  • Perform security reviews of application designs, covering all types of applications (web application, web services, mobile applications, thick client applications, SaaS)
  • Apply offensive cybersecurity testing techniques, coordinate testing projects with internal and external systems
  • Reports the nature of identified cyber security risks and recommends risk mitigation measures to improve the cyber security posture of the enterprise
  • Participate in Security Assessments of networks, systems and applications
  • Work on improvements for provided security services, including the continuous enhancement of existing methodology material and supporting assets
  • Participates in site-specific meetings
  • Participates in the creation of the development and implementation of annual objectives and tactical plans to achieve strategic planning initiatives
  • Monitors or enforces security policies, procedures and standards to ensure conformance with TIS objectives
  • Other duties as needed and assigned by the manager
  • Maintains a working knowledge of applicable Federal, State, and local laws and regulations, Trinity Health’s Organizational Integrity Program, Standards of Conduct, as well as other policies and procedures in order to ensure adherence in a manner that reflects honest, ethical, and professional behavior
  • Ensures all projects and services meet Trinity Health Information security and regulatory standards, policies and procedures while delivering business requirements