Senior Penetration Tester
About The Position
The Senior Penetration Tester will support the Assessment side of the CIS Cyber Resilience Team. This person will be an individual contributor reporting to the Director of Cyber Resilience. This individual should have experience in application security/pen-testing, secure coding practices, and application and infrastructure security vulnerability remediation techniques. Responsible for the planning, design and build of security architectures to ensure strong security posture, compliance with regulations, and safeguard customer's data. Manage information systems security, including disaster recovery, database protection, and software development. Demonstrate the company's core values of respect, honesty, integrity, diversity, inclusion and safety.
Requirements
- Bachelor's Degree computer science, information systems, or related technical field
- 10+ years of experience in a related security field
- Proven ability to design and build scalable, high volume, and low latency applications
- Experience in one or more of the common languages (e.g., Perl, Python, Ruby, shell scripting)
- Advanced knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, BGP and other routing protocols)
Nice To Haves
- Master's Degree computer science, information systems, or related technical field
- Mobile application pen testing experience
- Mobile application testing tools (Frida, Objection, apktool, Android Studio, MobSF, Xcode)
- AI red teaming tooling experience (pyrit, garak)
- Point-of-sale and retail kiosk pen testing experience
- Network infrastructure pen test experience (and tools including Bloodhound, Responder, CME, Impacket, Metasploit)
- Programming language experience (e.g. python, Java, JavaScript/Typescript, C/C++, Ruby, Go)
Responsibilities
- Oversee information security tools/services including; Identity & Access mgmt, cloud security, cryptography, logging & alerting, security operation, malware detection, incident response, vulnerability scanning, penetration testing, security architecture, & digital forensics
- Guide the implementation of network and computer security and ensures compliance with corporate cybersecurity policies and procedures
- Assist with the monitoring of all security systems and their corresponding or associated software, including firewalls, intrusion detection systems, cryptography systems, and anti-virus software
- Monitor server and firewall logs, scrutinize network traffic, establish and update vulnerability scans
- Analyze and resolve highly complex and unique security breaches and vulnerability issues in a timely and accurate fashion, and conduct user activity audits where required
- Manage and ensure the security of databases and data transferred both internally and externally
- Oversee penetration testing of all systems in order to identify system vulnerabilities; design, implement, and report on security system and end user activity audits
- Develop new and modify existing security policies and procedures to maintain compliance
- Evaluate existing and recommend new and emerging security technologies
- Conduct research on emerging products, services, protocols, and standards in support of security enhancement and development efforts
- Communicate important updates with key stakeholders across the organization
- Coach and mentor other members of the security engineering team
- Must be able to perform the essential job functions of this position with or without reasonable accommodation
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
Number of Employees
5,001-10,000 employees
