Senior Penetration Tester (Pen Tester)
NY, New York
Title: Senior Penetration Tester
Type: Permanent/Full Time Employed
Must Have: Linux environment experience; open to working East Coast hours
US citizens, Green Card holders, and those authorized to work in the US are encouraged to apply. We are unable to sponsor H-1B candidates at this time.
We are seeking a Senior Penetration Tester to conduct network vulnerability assessments, application security assessments, and penetration testing for a variety of our clients.
Job duties include, but are not limited to, performing social engineering campaigns, wireless network assessments, and other miscellaneous offensive security functions. The Senior Penetration Tester will lead and mentor junior members to enhance and develop their technical capabilities along with professional client service interactions. Other responsibilities will include pre-sales scoping and support, client development, and conflict resolution. The successful candidate will be self-disciplined and able to work on individual tasks, sometimes without clear requirements, and must work well in a team environment.
REQUIRED KNOWLEDGE AND EXPERIENCE:
The Senior Penetration Tester should have a combination of experience or certifications. Experience should be identified by previous job duties, published work, or public presentations. The requirements for this position are:
· Information Security Fundamentals – 5 years of experience, BS degree (or higher) in a technical discipline, or certifications like GSEC, GCIH, CISSP, or Security+
· Consulting – 4 years of experience
· Penetration Testing – 4 years of recent experience or certifications like CEH, OSCP, GPEN, or GXPN
· Web Application Assessments – 2 years of recent experience or certifications like OSWE or GWAPT
· Wireless Assessments – 2 years of experience or certifications like OSWP or GAWN
· Well-known vulnerability assessment and penetration testing methodologies
· Strong understanding of networking and common TCP/IP protocols
· Strong knowledge of Windows system components and networks to include Active Directory concepts
· Knowledge of web application design & implementation concepts to include supporting systems
· Expert knowledge, skills, and abilities in the use of common vulnerability assessment and penetration testing tools such as Metasploit, Nessus, Nmap, Burp Suite, PowerSploit, and Impacket. These are examples and are not a requirements list.
· Expert knowledge of common vulnerabilities, exploits, and attacks used during a penetration test
· Familiar with at least one programming or scripting language such as C, Java, Ruby, Perl, or Python
IDEAL PERSONAL CHARACTERISTICS:
· Verbal and written communication skills
· Documentation skills
· Interpersonal and conflict resolution skills
· Customer service-oriented capabilities
· Creative problem solving and analytical thinking
· Willing to accept new challenges and learn in new areas
· Flexible and responsive to changing situations; adaptable to changing requirements
This position requires research, preparation, and participation in presentations and customer briefings, as well as occasional travel (~25%) to customer locations.
· Social Engineering tactics, techniques, and procedures
· Offensive Security Certified Expert (OSCE) certification
· Payment Card Industry knowledge and penetration testing concepts
· Proficient programming capabilities
· Threat modeling, adversary emulation, or long duration Red Team exercises
· Mobile application assessments