Senior Penetration Tester
Remote - Nationwide - US
Applications have closed
ABOUT YOU:
- Passionate about information security and identifying exploitable vulnerabilities before threat actors can take advantage of them
- Ready to find more efficient ways to accomplish your work
- Continuous desire to grow, develop and advance skills
- Can work independently, or collaboratively with the team
- Desire to provide the highest-quality tests and deliverables to clients without cutting corners
- Proficiency with scripting languages (Python, Bash, JavaScript, PowerShell)
- Self-driven in a remote working environment, motivated to continuously provide high-quality work and deliverables
- You enjoy (ethical) hacking, follow threat feeds and the latest threat trends, and know a thing or two about exploits (or have written some yourself)
- You enjoy working in a group, and believe in open collaboration as a team.
- You enjoy sharing knowledge and lessons learned, you like to share the specialized knowledge or skills you may have with the team
- You don’t make excuses for a difficult challenge, you make scripts instead.
- You know the OWASP top 10 and SANS top 20, and have an opinion about one vs the other.
MINIMUM QUALIFICATIONS
- Master’s or bachelor’s degree in cybersecurity, management information systems, computer science, or relevant discipline.
- Two of the following penetration testing certifications required: GWAPT, CEPT, LPT, GPEN, CPT, GXPN, PenTest+, GAWN, GMOB, CRTOP
- Proficiency with scripting languages (Python, Bash, JavaScript, PowerShell)
- Knowledge of incident response/forensics/red-teaming or DevOps a huge plus but not required.
- You have 5+ years of experience with penetration tests and vulnerability assessments; including internal, external, wireless, mobile, and web application testing.
- You have an understanding of APIs, how they work, and how to test them.
- You have used cloud service providers (CSPs) such as AWS, Azure, AliCloud, Google Cloud, Rackspace, and any internal associated components/controls.
- You can perform social engineering campaigns including phishing, vishing, and physical.
- You can re-image your own system when necessary, and navigate Kali Linux to conduct penetration tests, with only command line access as necessary.
- You can create, modify, and write documents from command line, and write Bash scripts to automate or facilitate tasks as necessary.
- You can write professional reports with proper grammar, spelling, and punctuation, that need very little QA review.
- You can communicate with clients, and understand if something needs to be escalated internally.
- You are comfortable monitoring the metrics of a project, personal utilization, and constant improvement toward efficiency.
- You are willing to expand your knowledge, obtain relevant certifications, and meet CPE requirements as necessary.
- You are ready and willing to learn, and accept a new challenge.
- You have three or more certifications such as CEH, OSCP, OSCE, GWAPT, GPEN, CEPT, LPT, CPT, GXPN, PenTest+, GAWN, GMOB, CRTOP
Skills:
- You have working knowledge of Kali Linux and standard security assessment tools (e.g., Nmap, Metasploit, Scapy, Burp Suite, SSLStrip, Ettercap, Nessus, Nikto, AppScan) and can talk about any others you have used.
- You have strong written and verbal communication skills.
- You can run scans and perform tests with minimal impact to client networks.
- You have an understanding of both iOS and Android application testing, and of how to jailbreak/root devices and use emulators.
- You know about SOAP/REST/JSON web APIs and how to test them.
- You have experience using interpreted languages (Ruby, Python, PHP, etc.)
- You can explain findings in a non-technical form.
The ideal candidate may also have:
- Programming experience in one or more of the following languages: Ruby, Python, Perl, C, C++, Java, and C#
- Knowledge of network protocol design, or zero day exploitation
- Knowledge of static code analysis and experience using SCA tools
- You have soldered to a device to exploit it, or extract information from an embedded device.
- You are an innovator, you feel something is missing, and want to create it.
- Want to work in IoT, embedded testing, or research niche threat and exploitation for the future.
REPORTS TO: Managing Consultant
PAY CLASSIFICATION: Full-Time, Exempt
RESPONSIBILITIES
- Execute internal, external, wireless, mobile, API and web application pen tests
- Execute social engineering tests, including phishing, vishing, and physical
- Execute vulnerability scans and assessments
- Compile and write client reports
BENEFITS
- Employer Paid Health, Vision, Dental
- 401(k) Plan with Employer Matching
- Competitive Bonus Structure
- Employer Paid Life Insurance and Disability Insurance
- Generous Paid Time Off Plan
- Technology Allowance
- Vacation Bonus
- Paid Office Closure December 24-January 1
- Paid Holidays Schedule
- Certification Reimbursement
- Flu Shot Reimbursement