Your Responsibilities
Participate in security assessments and perform penetration tests on web-based applications, networks and computer systems
Design and create new penetration tools and tests
Probe for vulnerabilities in web applications, fat/thin client applications and standard applications
Employ social engineering to uncover security holes (e.g. poor user security practices or password policies)
Participate in and lead red teaming, fuzzing, source code review and reverse engineering.
Work on improvements for provided security services, including the continuous enhancement of existing methodology material and supporting assets
Incorporate business considerations (e.g. loss of earnings due to downtime, cost of engagement, etc.) into security strategies
Review and define requirements for information security solutions
Work on
o improvements for security services, including the continuous enhancement of existing methodology material and supporting assets
o ensuring technical aspects and business processes are aligned
Define and enable specific action plans to attain and maintain compliance with minimum requirements, security standards and project-specific requirements.
Research, document, present and discuss security findings with management and IT teams.
Work closely with Sales on the design and architecture of comprehensive security solutions for customers.
Participate in customer-facing discussions and workshops to explain solutions and approaches to addressing customer risk and security challenges.
Requirements
Must Have Requirements
CREST or OSCE Certifications
At least 2 years full-time experience conducting the following types of penetration tests:
o Servers and clients (Windows and Linux)
o Web applications (including APIs)
Experience using Kali Linux
Familiar with penetration testing tools and frameworks, such as:
o Nessus
o Burp Suite
o NMAP
o Metasploit
o Fortify
o AppScan
Experience performing digital forensic investigations (including maintaining integrity and chain-of-custody of evidence)
Familiar with AWS, Azure, and/or GCP
Familiar with the OSI model and attack vectors at each layer
Familiar with cryptographic principles
Good team player, with excellent verbal and written communication skills.
Ability to take ownership of an initiative/issue through completion
Great to Have Requirements
Familiar with cloud-native penetration testing (serverless architectures such as functions and containers)
Familiar with reverse engineering binary applications
Experience with automation and scripting in any of the following languages:
o Shell, bash, zsh, etc.
o PowerShell
o Python (Python 3 preferred)
Familiar with git or other source control methodologies
Experience in consulting assignments to assess organizational security posture, develop security roadmaps and remediation plans, etc.
Experience in technically supporting sales and customer engagements through presales and other advisory activities.
Formal Education
Degree in Computer Science, Information Systems, Engineering, Digital Forensics or equivalent qualifications is preferred.