Lead Penetration Tester
Bellevue, Washington, United States
First Information Technology Services
Designing Information Security Solutions with You in Mind.First Information Technology Services (FITS) has been providing Information Security, Cloud Computing Security, and IT consulting services since 2000. FITS consultants perform comprehensive assessments from beginning to end to produce meaningful, actionable reports that fit within an organization's comprehensive risk strategy.
Program Overview:
First Information Technology Services, Inc. is a leading Assessment and Advisory consulting firm with headquarters in Arlington, Virginia and Bellevue, Washington. Our consultants are expected to perform audit and assessment activities for some clients and advise others in how to architect a secure, compliant infrastructure.
We’re looking for a Lead Penetration Tester who has the technical competence to be able to complete a penetration test in accordace with FedRAMP Penetration Test Guidance and requirements. This person must be proficient in collecting artifacts, evaluating systems/artifacts, and running penetration/security evaluation tools.
Essential Duties and Responsibilities
- Execute penetration testing assessments, including identifying and exploiting security vulnerabilities in hybrid infrastructure using the established methodology and tools.
- Utilize industry standard security penetration and auditing tools to conduct real-world attack simulations.
- Perform deep technical analysis of vulnerabilities within the FITS customer environmentd and develop actionable recommendations to reduce associated risks.
- Provide leadership, mentoring, and training to pentest team members.
- Research and stay current with new threats, attack vectors and techniques, risk, and cloud security trends.
Required Qualifications
- 2+ years of penetration testing experience as a lead penetration tester
- At least one of the following technical certifications:
- Cisco Certified Network Professional Security (CCNP Security)
- CompTIA Advanced Security Practitioner (CASP+) Continuing Education (CE)
- Certified Information Systems Security Professional (CISSP)
- Certified Secure Software Lifecycle Professional (CSSLP)
- CISSP-Information Systems Security Engineering Professional (CISSP-ISSEP)
- SANS GIAC Penetration Tester (GPEN)
- Open Web Application Security Project (OWASP) Penetration Tester
- Experience in application/infrastructure vulnerability assessments and remediation
- Experience with penetration testing using tools, including Burp Suite Professional/Enterprise, Kali Linux, Metasploit, NMAP, Cobalt Strike, Nikto, SQLMAP, ZAP, Censys, Masscan, SpiderFoot, etc.
- Experience with manually exploited weaknesses, consisting of Cross Site Scripting (XSS), XML External Entity (XXE), SQL Injection (SQLi), Cross Site Request Forgery (CSRF) and information disclosures
- Familiarity with building, deploying, maintaining, and troubleshooting virtual machines using tools and virtualization platforms such as VMWare, oVirt, and ESXi
- Familiarity with command line interface of multiple operating systems, such as Windows, macOS, Linux
- Knowledge of fundamental penetration testing methodology and ability to test for OWASP Top 10 Vulnerabilities
Preferred Qualifications
- Ability to pen test PaaS, IaaS, mobile applications, and web applications
- Experience with scripting/programming, e.g., Python, PowerShell, HTML
- Experience with ticketing systems
- Active involvement in security community, e.g., participating in CTF competitions, bug bounties, or developing open-source tools
Location: REMOTE FROM UNITED STATES. Preference given to candidates local to Bellevue, WA.
This is a fully remote opportunity for US Citizens.
First Information Technology Services, Inc. believes that a well-rounded compensation package helps teams members thrive in their work and home life. FITS proudly invests in benefits for its employees, covering 100% of health, dental, and vision coverage for employees and their dependents, paid time off, holidays, matching 401(K), short/long term disability, and parental leave. FITS also provides up to $5,000 annually for professional development, including reimbursement of job-related training classes, seminars, tuition, and certification expenses.
FITS is an Equal Opportunity Employer and prohibits discrimination and harassment of any kind. FITS is committed to the principle of equal employment opportunity for all employees and to provide employees with a work environment free of discrimination and harassment. All employment decisions at FITS are based on business needs, job requirements, and individual qualifications, regardless of race, color, ethnicity, age, religion or belief, sex, sexual orientation, gender identity and/or expression, national origin, family or parental status, disability, military or veteran status, or any other status protected by the laws or regulations in the locations where we operate.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Application security Audits Burp Suite CASP+ CCNP CISSP Cloud Cobalt Strike CompTIA CSRF CTF FedRAMP GIAC GPEN IaaS ISSE Kali Linux MacOS Metasploit Nmap OWASP PaaS Pentesting PowerShell Python SANS Scripting SQL SQL injection Strategy VMware Vulnerabilities Windows XML XSS
Perks/benefits: Career development Health care Parental leave Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Ethical hacker / Pentester H/F jobs
- Open Information Security Specialist jobs
- Open Cyber Security Specialist jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Architect jobs
- Open Senior Cyber Security Engineer jobs
- Open Product Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Staff Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open IT Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Cybersecurity Consultant jobs
- Open Security Specialist jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Security Researcher jobs
- Open Sr. Security Engineer jobs
- Open IT Security Engineer jobs
- Open Clearance-related jobs
- Open ISO 27001-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Application security-related jobs
- Open Pentesting-related jobs
- Open Agile-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open SaaS-related jobs
- Open Analytics-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Security Clearance-related jobs
- Open DevOps-related jobs
- Open IDS-related jobs
- Open Malware-related jobs
- Open EDR-related jobs
- Open CEH-related jobs
- Open Kubernetes-related jobs
- Open Forensics-related jobs