Position at Clear Capital
As a Security Engineer specializing in penetration tester, you will perform authorized penetration testing on computer networks, applications, and infrastructure components in order to expose weaknesses in their security that could be exploited.
At the direction of the Offensive Security Team Lead, you will plan penetration testing engagements on computing systems including: internal/external networks, Windows and Linux endpoints, network hardware, web/mobile applications, APIs and web services.
Primary Duties and Responsibilities
As a Penetration Tester you'll understand complex computer systems and technical cyber security concepts. You'll need to:
- Work with internal teams to determine test activities, for example the number and type of systems in scope for testing
- Plan and create penetration methods, scripts, and tests
- Carry out testing of the infrastructure to expose weakness in security controls
- Simulate security breaches to test a system's relative security
- Create reports from your findings, including the security issues uncovered, level of risk, and recommend risk treatments
- Identify problems, you may also provide advice on how to minimize risks and provide advice on methods to fix or lower security risks to systems
- Present your findings, risk and conclusions to stakeholders
- Consider the impact your 'attack' will have on the business and its users
- Understand and effectively communicate how the flaws you identify can affect the business, or business function, if they're not fixed
Relevant Degree in:
- Computer science
- Computing and information systems
- Cyber security
- Forensic computing
- Network management
- Computer systems engineering
- If your degree is in an unrelated subject, in-depth knowledge of computer operating systems with demonstrable skills in compromising computer systems is required
Along with a relevant degree, having one or more professional qualifications will be an added advantage:
- Offensive Security Certified Professional (OSCP)
- GIAC Penetration Tester (GPEN) Certification
- GIAC Web Application Penetration Tester (GWAPT)
- Industry certification from major vendors and equipment providers like Microsoft (MCP, MCSE) or Cisco (CCNA Security )
You'll need to have:
- An In depth understanding of computer systems and their operation
- Excellent spoken and written communication to explain your methods to a technical and non-technical audience
- Attention to detail, to be able to plan and execute tests while considering requirements
- The ability to think creatively and strategically to penetrate security systems
- Good time management and organizational skills to meet deadlines
- Ethical integrity to be trusted with a high level of confidential information
- The ability to think laterally and 'outside the box'
- Teamwork skills, to support colleagues and share techniques
- Exceptional analytical and problem-solving skills and the persistence to apply different techniques to get the job done
- Business skills to understand the implications of any weaknesses you find
- Commitment to continuously update your technical knowledge base
- Experience using common penetration test tools such as Burp Suite Pro, application scanners, Nessus, Nmap, Metasploit Pro, and Kali-Linux tools - required
- Experience in application development highly desirable
- Experience in penetration testing against OWASP, SANS and other Secure Development strategies highly desirable
Clear Capital is the premier provider of real estate valuation, analytics, and technology solutions. Powered by its more than 45 years worth of information on nearly every U.S. metro, neighborhood, and property, Clear Capital's solutions are trusted by community credit unions and billion-dollar financial institutions alike. Clear Capital is headquartered in Reno-Tahoe with a team of more than 700 nationwide, dedicated to going wherever it leads, and doing whatever it takes.
Clear Capital is an equal opportunity employer.
To all recruitment agencies: Clear Capital does not accept agency resumes. Please do not forward resumes to our jobs alias, Clear Capital employees, or any other company location. Clear Capital is not responsible for any fees related to unsolicited resumes.