Senior Penetration Tester
Reston, Virgina, United States
Applications have closed
Qualtrics
Know what your customers and employees need, when they need it, and deliver it every time with powerful, AI driven Experience Management (XM) software.Are you passionate about security in the cloud? Are you looking for a place to put your skills and passion for security operations and penetration testing techniques to work with the latest cloud-based technologies? Do you enjoy the daily life of working within a global security operations center? Do you sleep with hacking and other security books under your pillow? Do you enjoy not having the same day twice? If so, Clarabridge is the place for you. We are seeking a Senior Penetration Tester to join a highly successful team within a fast-paced growth company.
Our security mission: Clarabridge strives for customer confidence and trust by delivering software that provides security and privacy for data protection throughout the customer lifecycle backed by globally recognized standards, compliance, and regulatory drivers.
As our Senior Penetration Tester, you will be a deeply technical, hands-on, keep that Spreadsheet away from me security practitioner. You are thirsty for finding bad things before others and engaging with techies and engineers for thoughtful pontification about differences on risk. Your responsibilities include advanced security operations center investigation, prevention and remediation, penetration testing (automated and hands-on), threat hunt, malware analysis, and forensics—and you will support vulnerability management and lead intrusion detection/prevention (IDS/IPS), and cyber and physical threats analysis activities.
You will monitor global threats and kick the tires, check the engine, and break things before others do by leading the testing of physical, logical, and electronic protection of data, including cloud, corporate, web application, access control, intrusion detection/prevention, virus protection, and more.
What you'll do
The Senior Penetration Tester reports to the Deputy CISO and has the following responsibilities:
- Serves as a penetration tester, tier 3 SOC engineer, and lead incident handler, including leading Blue/Red (Purple) team simulations to help develop indicators of compromise (IOC) to improve monitoring, prevention, and SOC awareness.
- Conducting research and developing tools or scripts to automate tasks.
- Leading and performing penetration tests and technical security assessments on our multi-cloud environments, applications, and corporate offices (e.g., physical, network, wireless, web application, social engineering).
- Developing an understanding of the business and customer requirements and liaise with and serve as technical subject matter expert for development, operations, engineering teams, and customer penetration testing activities.
- Performing or contributing to security engineering and architecture initiatives following best practices.
- Identifying distributed systems security issues as they arise and coordinates with appropriate business units and customers to ensure issue mitigation on a timely basis.
- Maintaining competence in security trends, technologies, and practices through self-study and attendance of industry events and providing internal training.
About you
This position requires or prefers the following competencies for this position:
- Bachelor’s degree in computer science, cybersecurity, information security, or other security-related discipline is required. A degree from a deep technical institute (e.g., SANS Institute) a plus. Associate degree candidates with the right technical hands-on experience will receive consideration.
- Three years performing hands-on penetration testing (blackbox, graybox, whitebox), fuzzing, and other testing-related activities in a SaaS and/or cloud service provider environment is required.
- Hands-on SOC, technical consulting, and scripting position in SaaS and cloud.
- Must have a love for the art of penetration testing (web, mobile, internal, external) and tools and techniques, incident response activities and containment, and the ability to remain calm and steady.
- Knowledge of at least one of the following, PCI, HIPAA, or NIST Cybersecurity Framework.
- Must possess one of the following current applicable professional certifications: Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), GIAC Web Application Penetration Tester (GWAPT), GIAC Penetration Tester (GPEN), Certified Penetration Tester (CPT).
- Familiarity with the ATT&CK framework.
- Experience performing forensics, building labs, or test environments.
- Must have deep, hands-on familiarity with cloud, systems, networks, web applications, firewalls, IDS/IPS, and testing of hardware, software, and firmware.
- Experience with interpreted and scripting languages (BASH, PowerShell, Python, Perl, etc.), including code review and using automated tools, is a strong must.
- Strong communications skills, with the ability to speak to a variety of audiences about complex security matters.
- Able to perform and prioritize a variety of tasks, work independently or within a cross-functional group and mentor other team members.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Bash CEH Cloud Compliance Computer Science Firewalls Forensics GIAC GPEN GWAPT HIPAA IDS Incident response Intrusion detection IPS Malware Monitoring NIST Offensive security OSCP Pentesting Perl PowerShell Privacy Python SaaS SANS Scripting Security assessment Vulnerability management
Perks/benefits: Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Staff Security Engineer jobs
- Open Information Security Specialist jobs
- Open Senior Security Analyst jobs
- Open Security Operations Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Senior Information Security Analyst jobs
- Open Product Security Engineer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Cybersecurity Analyst jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Specialist jobs
- Open Security Specialist jobs
- Open Chief Information Security Officer jobs
- Open Security Researcher jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Specialist jobs
- Open Information System Security Officer (ISSO) jobs
- Open Agile-related jobs
- Open ISO 27001-related jobs
- Open Windows-related jobs
- Open Application security-related jobs
- Open Network security-related jobs
- Open CISM-related jobs
- Open Pentesting-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open IAM-related jobs
- Open CISA-related jobs
- Open Threat intelligence-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Java-related jobs
- Open Kubernetes-related jobs
- Open EDR-related jobs
- Open Malware-related jobs
- Open APIs-related jobs
- Open IDS-related jobs
- Open Security Clearance-related jobs
- Open DevSecOps-related jobs
- Open CI/CD-related jobs