Security Analyst Pen Tester

Your Responsibilities

Participate in Security Assessments and Perform penetration tests on web-based applications, networks and computer systems,

Design and create new penetration tools and tests

Probe for vulnerabilities in web applications, fat/thin client applications and standard applications

Employ social engineering to uncover security holes (e.g. poor user security practices or password policies)

Participate and lead red teaming, fuzzing, source code review and reverse engineering.

Work on improvements for provided security services, including the continuous enhancement of existing methodology

material and supporting assets

Incorporate business considerations (e.g. loss of earnings due to downtime, cost of engagement, etc.) into security

strategies

Review and define requirements for information security solutions

Work on

o improvements for security services, including the continuous enhancement of existing methodology material and supporting assets

o ensuring technical aspects and business processes are aligned

Define and enable specific action plans to attain and maintain compliance to minimum requirements, security standards and project specific requirements.

Research, document, present and discuss security findings with management and IT teams.

Work closely with Sales in design and architecting of comprehensive security solutions for customers.

Participate in customer facing discussions and workshops to explain solutions, and approaches to addressing customer risk

and security challenges.

Requirements

Must Have Requirements

CREST or OSCE Certifications

At least 2 years full-time experience conducting the following types of penetration tests:

o Servers and clients (Windows and Linux) o Web applications (including APIs)

Experience using Kali Linux

Familiar with penetration testing tools and frameworks, such as:

o Nessus

o Burp Suite o NMAP

o Metasploit o Fortify

o AppScan

Experience performing digital forensic investigations (including maintaining integrity and chain-of-custody of evidence)

Familiar with AWS, Azure, and/or GCP

Familiar with the OSI model and attack vectors at each layer

Familiar with cryptographic principles

Good team player, with excellent verbal and written communication skills.

Ability to take ownership of an initiative/issue through completion

Great to Have Requirements

Familiar with cloud-native penetration testing (serverless architectures such as functions and containers)

Familiar with reverse engineering binary applications

Experience with automation and scripting in any of the following languages:

Familiar with git or other source control methodologies

Experience in consulting assignments to assess organizational security posture, develop security roadmaps and remediation

plans, etc.

Experience in technically supporting sales and customer engagements through presales and other advisory activities.

o Shell, bash, zsh, etc.

o PowerShell

o Python (Python 3 preferred)

Formal Education

Degree in Computer Science, Information Systems, Engineering, Digital Forensics or equivalent qualifications is preferred.

Must Have Requirements CREST or OSCE Certifications At least 2 years full-time experience conducting the following types of penetration tests: o Servers and clients (Windows and Linux) o Web applications (including APIs) Experience using Kali Linux Familiar with penetration testing tools and frameworks, such as: o Nessus o Burp Suite o NMAP o Metasploit o Fortify o AppScan Experience performing digital forensic investigations (including maintaining integrity and chain-of-custody of evidence) Familiar with AWS, Azure, and/or GCP Familiar with the OSI model and attack vectors at each layer Familiar with cryptographic principles Good team player, with excellent verbal and written communication skills. Ability to take ownership of an initiative/issue through completion Great to Have Requirements Familiar with cloud-native penetration testing (serverless architectures such as functions and containers) Familiar with reverse engineering binary applications Experience with automation and scripting in any of the following languages: Familiar with git or other source control methodologies Experience in consulting assignments to assess organizational security posture, develop security roadmaps and remediation plans, etc. Experience in technically supporting sales and customer engagements through presales and other advisory activities. o Shell, bash, zsh, etc. o PowerShell o Python (Python 3 preferred) Formal Education Degree in Computer Science, Information Systems, Engineering, Digital Forensics or equivalent qualifications is preferred.