The Penetration Tester/Ethical Hacker is responsible for assessing a customer’s business and operating environment risk and infrastructure vulnerability posture.
This position requires a wide range of knowledge of network infrastructures, operating systems hardware platforms, networking systems and the security vulnerabilities within each category.
The qualified individual in this position will scan customer networks to discover and exploit security flaws and vulnerabilities with attack simulations on multiple platforms working against a specific customer-focused scope of work.
This position requires a highly technical skill level to assess the risks and vulnerabilities of a customer’s network while being able to articulate the issues to a non-IT professional audience. Excellent communication skills, both oral and written are required to provide the reporting information to the customer after the tests are completed.
When not performing the specific Scanning and Penetration Testing / Ethical Hacking functions, the individual in this position will provide support to the Security Advisors with other security assessments and gap analysis functions.
- Excited to work with engineers on security features and risk mitigation’s
- Passionate about keeping customers safe
- Curious enough to hunt for vulns through large, complex code bases
- Obsessed with breaking software
- Able to articulate technical details and risks to lay people
- 5 years of relevant security experience
- Deep linux expertise
- Experience testing low level C components
- Programming experience in compiled and scripting languages
- Expertise in common application security tools (fuzzers, proxies, code analysis tools, etc.)
- Experience attacking cryptographic implementation issues (TLS misconfigurations, etc.)
- Networking experience
Responsible for scanning and performing in depth penetration testing and reporting customer business and operating environments and network infrastructure related to compliance and other relevant industry standards.
Activities include, but are not limited to the following:
- Understand the Scope of Work for each customer agreement and perform the duties and tasks required by those agreements in an organized, professional manner.
- Perform vulnerability assessments and penetration testing, utilizing commercial and open source tools.
- Conduct web application penetration testing in line with Open Web Application Security Project.
- Exploit security flaws and vulnerabilities with attack simulations on multiple projects working against specific customer systems and networks in accordance with an agreed scope of work.
- Effectively provide technical risk assessment of technologies in networks, applications, systems, wireless, and perform social engineering.
- Review and analyze security vulnerability data to identify applicability and false positives.
- Ability to solve complex technical problems and articulate to non-IT personnel.
- Report on findings and advise customers in remediation activities as required.
- Research and develop testing tools, techniques, and process improvements.
- When time allows, perform security assessments and gap analysis of system infrastructures in alignment with the PCI DSS, HIPAA and other well-known information security requirements.
To apply for this job please visit cyberwarzone.com.