Penetration Testing Senior Specialist

Summary

We are seeking a highly motivated and skilled Penetration Tester to join our team. You will be responsible for identifying vulnerabilities in our systems and networks, mimicking attacker methods, and recommending security controls to mitigate risks.

Responsibilities

• Identify potential attacker methods to exploit system and network vulnerabilities.
• Simulate social engineering attacks to uncover security gaps.
• Gather information about network topography and usage through technical analysis and open-source research.
• Conduct code reviews using security testing and code scanning tools.
• Recommend security controls to address vulnerabilities identified through testing.
• Conduct reviews of defensive measures and penetration testing of infrastructure and assets according to organizational policies.
• Perform technical and non-technical risk and vulnerability assessments.
• Maintain a deployable cyber defense audit toolkit based on industry best practices.
• Test for vulnerabilities in web applications, client applications, and standard applications.
• Conduct physical security assessments of servers, systems, and network devices.
• Report penetration testing and vulnerability assessment findings, including risk level, proposed mitigation, and details for reproducing test results.
• Explain the business impact of identified vulnerabilities to advocate for remediation.
• Present test findings, risks, and conclusions to both technical and non-technical audiences.
• Design simulated attacks that reflect the impact on the organization's business and users.

Qualifications

• Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related discipline.
• (Preferred) Professional certifications such as OSCP, OSWP, OSEP, GPEN, GWAPT, GMOB, GXPN, GWEB, GCPN, eWAPTX, or eCTHP.
• 5-7 years of experience in a relevant field.

Skills

• Advanced proficiency in conducting vulnerability scans and interpreting results.
• Intermediate proficiency in conducting penetration testing aligned with organizational policies and best practices.
• Advanced proficiency in developing insights about an organization's threat environment.
• Advanced proficiency in analyzing vulnerability and configuration data to identify cybersecurity issues.
• Advanced proficiency in mimicking threat behaviors.
• Intermediate proficiency in implementing adversary Tactics, Techniques, and Procedures (TTPs).