Penetration Tester/Vulnerability Assessor

Job Description

Seeking an experienced Penetration Tester and Vulnerability Assessor to join
our National Cyber Security team. The successful candidate will contribute to a
rapidly expanding practice that evaluates the security posture of organizations
through advanced testing techniques. If you are passionate about offensive
security and ethical penetration testing and are looking for a challenging and
rewarding career, this is the right opportunity for you. Our people are our
most valuable asset and we encourage career growth and development
opportunities for every individual on our team.

As a Senior Consultant you will perform various activities with respect to
Vulnerability Assessments and Penetration Testing, including, but not limited
* Performing web and mobile application security assessments
* Security testing in the form of penetration testing and vulnerability
assessments/scans including:
  * Network/Infrastructure
  * Thick Client(s)
  * Cloud Technologies (e.g. Azure, AWS, Google, IBM, etc.)
  * Web and Mobile Applications
* Conducting configuration reviews on network appliances (e.g., firewalls,
switches, routers, access points, etc.)
* Architecture Security Analysis and Threat Modeling
* Assisting in the development of in-house tools/processes
* Researching and learning about information security trends, new testing
techniques, and best practices, and knowledge sharing with the team
* Providing clear and concise communication (written and oral) to clients
that consists of findings, recommendations, road maps, and actionable
* Performing configuration reviews on network appliances (e.g., routers,
switches, firewalls, wireless access points, etc.)
* Open source intelligence analysis and assessment
* Architecture Security Analysis and Threat Modeling as required
* Enhancing and updating testing methodologies, processes and standards
* Training and knowledge transfer to junior personnel

Experience & Knowledge:

The ideal candidate will have three-plus years in the information/offensive
security field that includes performing penetration testing related to the
following technologies/assets:
* Network/Infrastructure
* Thick Client
* Cloud Technologies (e.g. Azure, AWS, Google, IBM, etc.)
* Web and Mobile Applications
In addition, the candidate should have experience with:
* Leading Penetration Testing and Vulnerability Scanning software and tools
(e.g. Nessus, Qualys, etc.)
* Software security weaknesses and vulnerabilities
* At least one software programming language and framework
* Working with and presenting to diverse stakeholders at various levels
(C-Suite/Managers), preferably on a national basis
* Working in a fast-paced environment with multiple competing deadlines and
AND knowledge of:
* Reverse Engineering
* Source code reviews
* Cloud Service testing
* ISO 27000 series such as 27001, 27002, 27032, 27035
* NIST SP 800 series
* OWASP Top Ten
* SANS Institute - CIS Critical Security Controls
* Standard of Good Practice for Information Security
* Incident management and response
* Vulnerability management
The ideal candidate will have the following certifications and/or education:
* Certified Ethical Hacker (CEH)
* Certified Information Systems Security Professional (CISSP)
* Certified Information Security Manager (CISM) or Certified Information
Systems Auditor (CISA)
* Offensive Security Certified Professional (OSCP)
* GIAC Security Essentials (GSEC)
* GIAC Web Application Penetration Tester (GWAPT)
* Offensive Security Certified Expert (OSCE)
