Penetration Tester (white box) & Vulnerability

Overview

Remote
$180,000 - $190,000
Full Time

Skills

Mobile Testing
Cloud Testing
Threat Analysis
Python
Vulnerability Assessment

Job Details

NO SPONSORSHIP

Penetration & Vulnerability Testing (white box)

SALARY: $180k - $190k plus 15% bonus

REMOTE from these states: IL, TX, FL, GA, MA, MD, MN, NC, NJ, NY, WI, DC

Must be strong with a slew of penetration testing tools listed on the job

The Security Penetration Tester will focus on testing consisting of threat intelligence gathering, network & web application penetration testing, Cloud security testing, physical security testing, mobile device security testing, and more.

 

The ideal candidate will have extensive experience in more than one of the following: Open-Source Intelligence, Network Penetration Testing, Web Application Testing, Mobile Application and Device Testing, as well as a deep knowledge of scanning tools and vulnerability enumeration. Experience testing database servers using Python scripting and automation.

 

  • Assist the Security Penetration Testing Team to perform testing based on organizationally defined scope with strict adherence to the agreed-upon rules of engagement.
  • Conduct various Security Penetration Testing Team activities such as: Intelligence Gathering, Network/Operating System/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing, Cloud Security Testing, etc.
  • Conduct ad-hoc white-box penetration testing of infrastructure that is still in Development or in need of pre-Production penetration testing.
  • Coordinate with IT owners to re-test and validate remediated Security Penetration Testing Team findings
  • Execute Open Source Intelligence Collection and Analysis Techniques (OSINT); leverage available resources and develop custom tools.
  • Understand vulnerabilities and develop relevant exploits for use during Security Penetration Testing Team activities.
  • Verify vulnerability false positives.
  • Perform security risk assessment, threat analysis and threat modeling.
  • Perform independent reviews of security, network, and applications.
  • Plan/Design/Execute security related activities and create artifacts.

 

Qualifications:

The requirements listed are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the primary functions.

 

  • Excellent focused domain areas of expertise as well as a good breadth of experience across Network/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Penetration Testing, Infrastructure Development, Open Source Intelligence, and more.
  • Proven due diligence and research ability via open-source avenues and technology.
  • Strong familiarity with enterprise technologies; strong technical background and understanding of security-related technologies; prefer operational experience as an administrator, engineer, or developer and direct experience testing in commercial cloud environments (AWS, Azure, IaaS/PaaS/SaaS).
  • Good applicable knowledge of policy and procedure development, systems analysis, Information Assurance (IA) policy, vulnerability management, and risk management.
  • Good understanding of regulatory standards including CSF, NIST, PCI, SSAE 16, SAS 70, HIPAA, FIPS 199, COBIT 5 and others as needed.
  • Strong knowledge of cryptography.

 

Technical Skills:

  • Strong proficiency in Network, Web Application, Cloud, and Mobile Device security testing.
  • Demonstrated exploit and vulnerability experience.
  • Strong proficiency in intelligence gathering.
  • Strong experience with custom scripting (Python, PowerShell, Bash, etc.) and process automation.
  • Strong experience with database security testing (MSSQL, DB2, MySQL, etc.).
  • Strong proficiency with common penetration testing tools (Kali, Metasploit, Nmap, Qualys, Nessus, Nexpose, Burp Suite, Wireshark, Recon-ng, Ettercap/Bettercap, Hashcat, BloodHound, Sublist3r, Rubeus, Mimikatz, CrackMapExec, Exploit-DB, Impacket, etc.).
  • Track record of vulnerability research and CVE assignments.

 

Education and/or Experience:

  • BS in Computer Science, Information Management, Information Security or other comparable technical degree from an accredited college/university is desired but not required.
  • 3+ years of penetration testing experience.
  • 6+ years of experience in an Information Assurance or Information Security environment.

Certificates or Licenses:

  • Security-related certifications (OSCP, OSWE, OSCE, GPEN, GXPN, GWAPT, ARTE, etc.) highly desired.