Penetration Tester
Michigan
NTT DATA
NTT DATA helps clients transform through consulting, industry solutions, business process services, IT modernization and managed services.
Want to be a part of our team?
NTT is seeking a Consultant to join their Threat Services team. The Threat Services team is responsible for performing offensive security assessments and related services. The role requires candidates with strong communication skills, a deep understanding of cyber threats, vulnerabilities, and a passion for staying updated with the latest trends in cybersecurity.
This position is responsible for performing cross-domain security assessments by simulating a threat actor in various attack scenarios to identify and exploit vulnerabilities in application security (e.g., web applications, API, mobile applications) and network security (e.g., internal and/or external penetration, wireless) in cloud-based, on-premises, and hybrid environments.
Upon completion of assessments, consultants produce and deliver high-quality reports containing analysis of security findings, detailed evidence, and recommended actions. Out-brief calls to present reports, answer questions, explain chained exploits, and provide high-level guidance are common. The Security Consultant is seen as a trusted advisor through the delivery of judgement-free, objective testing and thorough, detailed reporting. The consultant guides clients toward solutions to improve their security posture and enhance their risk-management programs.
The ideal candidate has strong problem-solving and analytical skills, broad and deep technical skills, meets the objectives of engagements, collaborates with clients, supports teammates, and provides subject matter expertise across technical domains. While we strive to provide services in a fully remote capacity, travel to client sites may be required on occasion to conduct assessments on sensitive applications or in closed environments.
Working at NTT
Duties and Responsibilities
- Engage with internal and external clients to perform application security assessments (e.g., web, API, mobile) and/or network penetration assessments (e.g., internal/external penetration, wireless) using open source, commercial, or in-house developed exploitation tools.
- Craft comprehensive reports containing detailed supporting evidence, recommended actions, and references where appropriate, explaining complex technical concepts and terminology in a way that is understandable to both technical and non-technical audiences.
- Participate in client conference calls for project kick-off, critical risk escalation, report delivery, and others as appropriate.
- Continuous education to improve skillset as well as keep up to date on the latest vulnerabilities, emerging threats, and cybersecurity trends.
- Develop and maintain positive relationships with clients and understand their vertical markets, business needs and challenges.
Qualifications
- 2+ years of industry experience in web application, API, and network penetration testing with the ability to be the technical lead on assessments.
- In-depth experience with open source and commercial security tools for discovery, enumeration, and exploitation such as Kali Linux, Metasploit, Cobalt Strike, Burp Suite Professional, Nessus, Nmap, Impacket, etc.
- Extensive operating systems and network protocol knowledge: Microsoft Windows, Active Directory, Linux, MacOS, TCP/UDP, IEEE 802.11.
- Proficiency with cloud technology and deployments: AWS/Azure/Google Cloud Platform.
- Experience with scripting/programming languages (Python, PHP, PowerShell, Ruby, Bash, etc.) as well as a working knowledge of SQL.
- Strong communication skills, both written and verbal, with the ability to convey complex security issues to both technical and non-technical stakeholders.
- Self-motivated, with the ability to work independently and as part of a team.
Bonuses
- Contributions to the security community such as developing or maintaining security tools, exploits, publishing CVEs, vulnerability disclosure recognitions, blogs, conference presentations.
- Industry-specific certifications (OSCP, OSEP, OSEE, OSED, OSWE, GPEN, GXPN, GWAPT, GCPN, etc.).
- Experience with assumed breach assessments.
- Social Engineering experience (phishing, vishing, smishing).
- Proficiency in assessment of applications on mobile operating systems (iOS, Android).
- Familiarity with common IT security compliance and governance regulations, guidance, and frameworks such as PCI, SOX, FISMA, FedRAMP, etc.
- Previous systems/network administration or security engineering.
- Prior experience with DevOps/DevSecOps or software development/engineering.
- Experience with compiled languages (Golang, Java, C, C++, Assembly).
- Experience with container technologies (Docker, Kubernetes, Helm).
- Knowledge of ICS/OT/SCADA systems.
- Testing or development of embedded systems and/or IoT devices.
Skills Summary
Analytical Thinking, Cross-Team Collaboration, Project Management, Regulatory Compliance Management, Risk Assessments, Security Awareness Training, Security Framework, Security Policies
Workplace type: Remote Working
Equal Opportunity Employer
NTT is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, color, sex, religion, national origin, disability, pregnancy, marital status, sexual orientation, gender reassignment, veteran status, or other protected category.