Vunerability and Penetration Tester (VAPT)

Job Title: Vulnerability and Penetration Testing Engineer

About Us: We are a dynamic and innovative organization committed to safeguarding our digital landscape. As a leader in the field, we prioritize security to protect our assets and maintain a robust risk management framework. Join our talented team and play a crucial role in fortifying our defenses against evolving cyber threats.

Position Overview: As a Vulnerability and Penetration Testing Engineer, you will leverage your extensive experience, cutting-edge testing tools, threat intelligence, and risk management expertise to assess and enhance our security posture. Your role involves delivering prioritized findings based on projected business impact, providing comprehensive post-analysis consulting, and actively engaging in ongoing industry research.

This is a hybrid onsite role in either Tampa or Chicago.

Key Responsibilities:

• Serve as the subject matter expert within our VAPT team.
• Analyze proposed and existing solutions for adherence to secure system design standards, regulatory requirements, and professional obligations.
• Architect, implement, and support assessment solutions for the protection of organizational assets.
• Provide effective oversight and guidance for fellow VAPT team members.
• Evaluate and adopt relevant products, tools, and techniques to enhance assessment capabilities.
• Prioritize assessments to maximize risk reduction efforts considering business impact and resource availability.
• Develop clear and comprehensive assessment reports summarizing findings and recommendations.
• Act in a consulting role to assist constituents with remediation activities.

Skills and Experience:

• Commanding knowledge of VAPT concepts and best practices, including WhiteHat/ethical hacking requirements.
• Expert understanding of the differences between vulnerability assessments and penetration tests.
• Extensive experience with automated VAPT tools such as Nessus, Appscan, Burp Suite, Nipper, and Trustwave.
• Proficiency in common attack tools and frameworks like Wireshark, Kali, and Metasploit.
• Expertise in mobile platform security technology and best practices.
• Ability to validate identified vulnerabilities accurately.
• In-depth understanding of security concepts, technologies, controls, and best practices.
• Working knowledge of information security frameworks (ISO27001, NIST, CIS).
• Expertise with risk management principles in the context of application assessments.
• Familiarity with encryption technologies and standards, both at-rest and in-flight.
• Analytical skills for gathering and analyzing facts, defining problems, and promoting solutions.
• Proficient in oral and written English.
• Ability to work productively and maintain focus without direct supervision.
• Certifications such as GPEN, OSCP, GWASP, GMOB, or equivalent are preferred.
• Optional certifications: CISSP, SSCP, CISM, CRISC, CISA, or CGEIT.

If you're passionate about cybersecurity and possess the skills to fortify our defenses, we invite you to join our team. Apply now and be part of an organization committed to excellence in security and risk management.