Penetration Tester

Kalles Group Overview 

We believe that everyone deserves to be secure. This is the foundation of everything we do for our customers, our communities, and our consultants.  

That's why we help our partners with complex security and technology problems in a human way. 

Kalles Group is delivering organizational and technology change for startups, small businesses, and Fortune 500 companies in order to bring security to all. 

 
Team and Role Overview 

We have an opening for a Penetration Tester as part of a key team of professionals that applies scientific, mathematical and social principles to perform formal penetration testing, and threat modeling on web applications, network, and other computer systems on a regular basis. 

Key Responsibilities  

• Demonstrates expertise in security and engineering practices 
• Integrates broad working knowledge in related disciplines to apply integrated security solutions for complex business situations 
• Participate in Security and Risk Assessments of networks, systems, applications, processes, and personnel 
• Perform formal security reviews of application designs, source code and deployments as required, covering web application, web services, mobile applications, network, and other computer systems 
• Work on improvements for security services, including the continuous enhancement of existing methodology material and supporting assets  
• Exhibits clear writing and communication skills including the ability to render concise reports, summaries, and occasional oral presentations 
• Possesses basic understanding of cyber incident and response and related current events 
• Integrate security risk information into penetration testing process 
• Utilize network mapping, host enumeration and scanning tools when necessary 
• Supports/mentors skill development within the team 
• Demonstrated ability to methodically analyze problems and identify solutions 
• Adjusts positively to quickly-changing priorities and shifting goals  

Key Skills and Experience 

• 3 to 5 years’ defensive and offensive cybersecurity experience within relevant domains, such as penetration testing, vulnerability management, threat modeling, code and configuration audits, threat emulation, etc. 
• Application or software development background with baseline understanding of code and scripting languages, such as C/C++, Python, SQL, Powershell, .NET, Ruby, or JavaScript 
• Experience with a variety of security tools and products such as Kali Linux, Metasploit, Burp suite, Cobalt Strike, Tenable Nessus, Web Inspect, IDA PRO 
• Security experience around native applications, web applications and database systems 
• Good understanding of the components of Secure Development Life Cycle (SDLC) 
• Vulnerability analysis and application reverse engineering skills  
• Experience testing within Windows, Linux and/or cloud environments 
• Familiar with common CI/CD and DevOps/DevSecOps platforms and modern dev workflows 

Preferred Experience 

• Relevant security certifications, such as CISSP, CEH, OSCP, GCIH, GPEN, GWAPT, or similar information security certifications 
• Red Team experience is a bonus