Lead Penetration & Vulnerability Tester

Chicago, Illinois

Salary Details: $170000.00 - 190000.00 a year

Request Technology

Hybrid, 3 days onsite, 2 days remote

We are unable to sponsor, as this is a permanent full-time role.

A prestigious company is looking for a Lead Penetration & Vulnerability Tester. This Lead will focus on penetration testing of networks, web applications, cloud, mobile applications, and devices. The Lead will do white-box penetration testing and work with as many of the testing tools as possible (Kali, Metasploit, Nmap, Qualys, Nessus, Nexpose, Burp Suite, Wireshark, Recon-NG, Ettercap/Bettercap, Hashcat, Bloodhound, Sublist3r, Rubeus, Mimikatz, CrackMapExec, Exploitdb, Impacket).

Responsibilities:

  • Conduct various Security Penetration Testing Team activities such as: Intelligence Gathering, Network/Operating System/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing, Cloud Security Testing, etc.
  • Conduct ad-hoc white-box penetration testing work of company's infrastructure that is still currently in Development, or in need of pre-Production penetration testing
  • Coordinate with IT owners to re-test and validate remediated Security Penetration Testing Team findings
  • Execute Open Source Intelligence Collection and Analysis Techniques (OSINT); leverage available resources and develop custom tools.
  • Understand vulnerabilities and develop relevant exploits for use during Security Penetration Testing Team activities.
  • Ensure alignment of security controls in company's testing program and supporting services and related policies and procedures with applicable regulations and industry standard best practices.
  • Assist management with the improvement of policies and procedures to support Security Testing activities as well as other security duties which may arise.
  • Participate in developing a security roadmap, adopt security best practices, and implement new ideas and innovations according to the industry trends.

Qualifications:

  • BS in Computer Science, Information Management, Information Security or other comparable technical degree from an accredited college/university is desired but not required
  • 3+ years' experience in penetration testing
  • 6+ years' experience in an Information Assurance or Information Security environment.
  • Excellent focused domain areas of expertise as well as a good breadth of experience across Network/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Penetration Testing, Infrastructure Development, Open Source Intelligence, and more.
  • Proven due diligence and research ability via open-source avenues and technology.
  • Strong familiarity with enterprise technologies; strong technical background and understanding of security-related technologies; prefer operational experience as an administrator, engineer, or developer and direct experience testing in commercial cloud environments (AWS, Azure, IaaS/PaaS/SaaS).
  • Exhibit ability to understand and modify code in a diverse range of programming languages and frameworks; must have direct practical experience with one or more high-level programming languages.
  • Strong proficiency in Network, Web Application, Cloud, and Mobile Device security testing
  • Demonstrated exploit and vulnerability experience
  • Strong experience with custom scripting (Python, PowerShell, Bash, etc.) and process automation.
  • Strong experience with database security testing (MSSQL, DB2, MySQL, etc.).
  • Strong proficiency with common penetration testing tools (Kali, Metasploit, Nmap, Qualys, Nessus, Nexpose, Burp Suite, Wireshark, Recon-NG, Ettercap/Bettercap, Hashcat, Bloodhound, Sublist3r, Rubeus, Mimikatz, CrackMapExec, Exploitdb, Impacket, etc.).
  • Track record of vulnerability research and CVE assignments
  • Experience with Mainframe, Windows, Unix, macOS, and Cisco platforms and controls.
Date Posted: 08 April 2025