Penetration Tester
Description:
This position involves performing security vulnerability assessment and penetration testing. Penetration tests will involve a mixture of environments, including network devices, servers, systems, databases and applications that are web-based, server-based and virtual. The successful candidate will work effectively in both individual and team environments. The incumbent must be a self-starter, who is able to contribute to the overall success of the team as well as within other teams.
Primary Responsibilities of the Security Specialist I, Global Security Operations Center Role
· To perform network, system and application vulnerability assessments and penetration testing.
· To do pen-source and commercial testing tools including Kali Linux, Nessus, Metasploit, Nmap, Burp Suite Proxy, Wireshark, Kismet, etc. Additionally, must maintain awareness and knowledge of newly released open-source tools and exploits.
· To use various scripting languages such as Python, Perl, PowerShell, Bash, etc.
· To analyze identified vulnerabilities to write clear and concise assessment, penetration testing and compliance reports.
· To configure, administrate, and troubleshoot Operating Systems including Unix/Linux, Windows, iOS, Android, and the various network devices.
· To applies advanced knowledge of concepts, practices, and procedures of IT Security, with awareness of related fields.
· Applies analytical and interpretive thinking to complex problems; determines methods /procedures based on professional judgment to achieve desired outcomes.
Knowledge, Abilities & Skills
Skills/Competencies
Knowledge of TCP/IP protocols and networking architectures.
Knowledge of databases, applications, and web server design and implementation.
Knowledge of security and IT standards, such as PCI DSS v3.0 & NIST SP800.
Knowledge of the National Vulnerability Database (NVDB) & the Common Vulnerabilities and Exposures List (CVE). CVE is a dictionary of publicly known information security vulnerabilities and exposures.
Excellent time management, written documentation, and oral presentation skills.
Experience, Qualifications, Certifications & Travel
Minimum Requirements
Education:
Bachelor’s degree in Information Technology, Computer Science, or related field. Experience may be evaluated in lieu of educational requirements on a case-by-case basis.
Experience: (3+ years' experience)
· Experience with mobile devices and mobile application security, including secure configuration and tools, techniques, and procedures for security testing.
· Experience assessing and testing network devices, including firewalls, routers, VPNs, and switches.
· Experience with programming and scripting in C++, Perl, Python, bash, Java and/or Assembly Language (x86).
· Experience with TCP/IP including but not limited to HTTP, HTTPS (SSL), DNS, SMTP, MSRPC, RDP and SSH.
· Experience with wireless network security, including secure configuration and tools, techniques and procedures for security testing.
· Experience with application security, including source code review.
· Experience with audit techniques to identify insecure configurations of Windows/Unix/Linux, web servers (Apache, IIS, etc.), databases (MySQL, MSSQL, Oracle, etc.) and web application scripts (PERL, Python, ASP, etc.).
· Experience with one or more social engineering test modes (physical, phishing or pre-texting).
· Will consider relevant security certifications such as CEH, GIAC, CISSP, GPEN, CEPT, LPT, CPT, OSCP, etc.
Travel: None