Requirement details:

Role: Penetration Tester

Location: Plano, TX (Hybrid)

Experience: 8 Years

Duration: Long Term

Note: Need only on W2, NO C2C

Job Description

SUMMARY:

The role is responsible for conducting tests to reproduce adversaries in enterprise system, reporting findings, designing threat model, and developing countermeasures to minimize the potential impacts. Also, responsible for conducting testing for more advanced or privileged scenarios. As required, this role is responsible for developing policies and guidelines for enterprise application security and ensuring security compliance. In addition, this person will analyze problems and lead the working team to solve them and provide assistance as needed.

KEY RESPONSIBILITIES:

• Perform Penetration Testing and Red Team techniques to discover and exploit vulnerabilities, analyze problems, lead the working team to solve them, and provide assistance as needed.
• Perform automated and manual hands-on penetration security testing, identifying security risks within applications, security controls, and infrastructure.
• Plan, execute, and report on all testing activities and outcomes.
• Participate in regular Purple team exercises and perform adversary simulations to test defense controls.
• Perform internal and external penetration testing of network infrastructure, applications, and databases.
• Promote computer security awareness through hacker demonstrations, working with Cyber-defenders, and presenting detailed security testing project debriefs.
• Create findings reports and communicate to stakeholders
• Recommend and implement improvements to testing processes/methodologies.
• Develop the set of security standards and best practices, recommending enhancements as needed
• Work closely with the Blue team to test the efficacy of existing alerts and help create new detection.
• Work closely with tools engineering teams to prioritize and remediate vulnerabilities.
• Work closely with the SOC team to improve incident and threat detection capabilities. Work closely with corporate IT and DevOps to install and configure security solutions.
• Review information security trends and news sources for emerging threats and vulnerabilities
• Review systems, networks, and devices to identify vulnerabilities, audit findings, and compliance issues.

MINIMUM QUALIFICATION

• 5 years of experience in Cybersecurity
• Experience with Web application development, system administration, and the software and system development life cycle
• 4 years of experience with executing Web application, network, cloud infrastructure, and system penetration tests for clients
• Experience with leveraging Open Source penetration testing tools, such as Metasploit and the Kali Linux tool set
• Experience with code analysis tools such as Veracode, CodeSonar, etc.
• Experience with programming using one or more of the following: Perl, Python, ruby, bash, C or C , C#, or Java, including scripting and editing existing code
• Knowledge of AWS and/or Azure security practices
• Knowledge of open security testing standards and projects, including OWASP
• Ability to assist remediation efforts for discovered vulnerabilities
• Ability to mentor junior and mid-level staff by teaching the latest penetration testing techniques and to operate and lead organized security testing engagements with little assistance while demonstrating teamwork
• Possession of excellent oral and written communication skills to communicate effectively and professionally with clients, teammates, and senior leadership
• Ability to clearly convey results in formal technical reports and deliver briefings to various stakeholders.

PREFFERED QUALIFICATION

• BA or BS degree
• Experience with red-teaming and covert computer network exploitation
• Experience with programming
• Knowledge of secure coding best practices
• Ability to craft custom exploits for proof-of-concept code
• Offensive Security Certified Professional (OSCP), or SANS GIAC Penetration Tester, including GPEN and GXPN Certification
• CEH certification