Lead Penetration Tester
Salary: Open
Location: Chicago, IL or Dallas, TX
Hybrid: 3 days onsite, 2 days remote
Qualifications
- Areas of expertise to include Network/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Penetration Testing, Infrastructure Development, Open-Source Intelligence, etc.
- 3+ Years' experience of Penetration testing
- 6+ Years' experience in Information Assurance or Information Security environment.
- Strong proficiency in Network, Web Application, Cloud, and Mobile Device security testing
- Demonstrated exploit and vulnerability experience
- Strong proficiency in intelligence gathering.
- Strong experience with custom Scripting (Python, PowerShell, Bash, etc.) and process automation.
- Strong experience with database security testing (MSSQL, DB2, MySQL, etc.).
- Strong proficiency with common penetration testing tools (Kali, Metasploit, Nmap, Qualys, Nessus, Nexpose, Burp Suite, Wireshark, Recon-NG, Ettercap/Bettercap, Hashcat, Bloodhound, Sublist3r, Rubeus, Mimikatz, CrackMapExec, Exploitdb, Impacket, etc.)
- Bachelor's degree (preferred)
- Certifications (preferred)
Responsibilities
- Conduct various Security Penetration Testing Team activities such as: Intelligence Gathering, Network/Operating System/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing, Cloud Security Testing, etc.
- Conduct ad-hoc white-box penetration testing work of company infrastructure that is still currently in Development, or in need of pre-Production penetration testing
- Coordinate with IT owners to re-test and validate remediated Security Penetration Testing Team findings
- Execute Open-Source Intelligence Collection and Analysis Techniques (OSINT); leverage available resources and develop custom tools.
- Understand vulnerabilities and develop relevant exploits for use during Security Penetration Testing Team activities.
- Verify vulnerability false positives
- Perform security risk assessment, threat analysis and threat modelling.