Penetration Tester

Michigan

NTT DATA

NTT DATA helps clients transform through consulting, industry solutions, business process services, IT modernization and managed services.

Want to be a part of our team?

NTT is seeking a Consultant to join their Threat Services team. The Threat Services team is responsible for performing offensive security assessments and related services. The role requires candidates with strong communication skills, a deep understanding of cyber threats and vulnerabilities, and a passion for staying updated with the latest trends in cybersecurity.
This position is responsible for performing cross-domain security assessments by simulating a threat actor in various attack scenarios to identify and exploit vulnerabilities in application security (e.g., web applications, API, mobile applications) and network security (e.g., internal and/or external penetration, wireless) in cloud-based, on-premises, and hybrid environments.
Upon completion of assessments, consultants produce and deliver high-quality reports containing analysis of security findings, detailed evidence, and recommended actions. Out-brief calls to present reports, answer questions, explain chained exploits, and provide high-level guidance are common. The Security Consultant is seen as a trusted advisor through the delivery of judgement-free, objective testing and thorough, detailed reporting. The consultant guides clients toward solutions to improve their security posture and enhance their risk-management programs.
The ideal candidate has strong problem-solving and analytical skills, broad and deep technical skills, meets the objectives of engagements, collaborates with clients, supports teammates, and provides subject matter expertise across technical domains. While we strive to provide services in a fully remote capacity, travel to client sites may be required on occasion to conduct assessments on sensitive applications or in closed environments.

Working at NTT

Duties and Responsibilities

  • Engage with internal and external clients to perform application security assessments (e.g., web, API, mobile) and/or network penetration assessments (e.g., internal/external penetration, wireless) using open source, commercial, or in-house developed exploitation tools.
  • Craft comprehensive reports containing detailed supporting evidence, recommended actions, and references where appropriate, explaining complex technical concepts and terminology in a way that is understandable to both technical and non-technical audiences.
  • Participate in client conference calls for project kick-off, critical risk escalation, report delivery, and others as appropriate.
  • Pursue continuous education to improve skillset and keep up to date on the latest vulnerabilities, emerging threats, and cybersecurity trends.
  • Develop and maintain positive relationships with clients and understand their vertical markets, business needs and challenges.

Qualifications

  • 2+ years of industry experience in web application, API, and network penetration testing with the ability to be the technical lead on assessments.
  • In-depth experience with open source and commercial security tools for discovery, enumeration, and exploitation such as Kali Linux, Metasploit, Cobalt Strike, Burp Suite Professional, Nessus, Nmap, Impacket, etc.
  • Extensive operating systems and network protocol knowledge: Microsoft Windows, Active Directory, Linux, MacOS, TCP/UDP, IEEE 802.11.
  • Proficiency with cloud technology and deployments: AWS/Azure/Google Cloud Platform.
  • Experience with scripting/programming languages (Python, PHP, PowerShell, Ruby, Bash, etc.) as well as a working knowledge of SQL.
  • Strong communication skills, both written and verbal, with the ability to convey complex security issues to both technical and non-technical stakeholders.
  • Self-motivated, with the ability to work independently and as part of a team.

Bonuses

  • Contributions to the security community such as developing or maintaining security tools, exploits, publishing CVEs, vulnerability disclosure recognitions, blogs, conference presentations.
  • Industry-specific certifications (OSCP, OSEP, OSEE, OSED, OSWE, GPEN, GXPN, GWAPT, GCPN, etc.).
  • Experience with assumed breach assessments.
  • Social Engineering experience (phishing, vishing, smishing).
  • Proficiency in assessment of applications on mobile operating systems (iOS, Android).
  • Familiarity with common IT security compliance and governance regulations, guidance, and frameworks such as PCI, SOX, FISMA, FedRAMP, etc.
  • Previous systems/network administration or security engineering.
  • Prior experience with DevOps/DevSecOps or software development/engineering.
  • Experience with compiled languages (Golang, Java, C, C++, Assembly).
  • Experience with container technologies (Docker, Kubernetes, Helm).
  • Knowledge of ICS/OT/SCADA systems.
  • Testing or development of embedded systems and/or IoT devices.

Skills Summary

Analytical Thinking, Cross-Team Collaboration, Project Management, Regulatory Compliance Management, Risk Assessments, Security Awareness Training, Security Framework, Security Policies

Workplace type:

Remote Working

Equal Opportunity Employer

NTT is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, color, sex, religion, national origin, disability, pregnancy, marital status, sexual orientation, gender reassignment, veteran status, or other protected category.

Category: PenTesting Jobs

Tags: Active Directory, Android, APIs, Application security, AWS, Azure, Bash, Burp Suite, C, Cloud, Cobalt Strike, Compliance, DevOps, DevSecOps, Docker, Exploit, Exploits, FedRAMP, FISMA, GCP, Golang, Governance, GPEN, GWAPT, GXPN, Helm, ICS, iOS, IoT, Java, Kali, Kubernetes, Linux, MacOS, Metasploit, Nessus, Network security, Nmap, Offensive security, Open Source, OSCP, OSEE, OSWE, Pentesting, PHP, PowerShell, Python, Risk assessment, Ruby, SCADA, Scripting, Security assessment, SOX, SQL, Vulnerabilities, Windows

Regions: Remote/Anywhere, North America
Country: United States
