Information Security Penetration Tester

Position Description

The purpose of the Information Security Penetration Tester role is to identify vulnerabilities and security risks by performing vulnerability testing across the network enterprise and advise various departments and staff on how to remediate findings. This position develops vulnerability testing plans and keeps current on security attack risks and methods.

 

Primary Duties and Responsibilities

The primary duties and responsibilities of the Information Security Penetration Tester follow:

  • Conduct security penetration testing and perform ongoing vulnerability assessment and penetration testing of internal, perimeter, external and wireless networks and web applications
  • Identify weaknesses and vulnerabilities that affect the confidentiality, integrity and availability of corporate protected, sensitive and confidential company information and data
  • Ensure security requirements are implemented within various stages of the system development lifecycle process; work closely with development teams to pen test new features within internally developed applications
  • Validate and address vulnerability / threat findings from static and dynamic analysis tools
  • Characterize threats and provide recommendations for remediation; manage remediation efforts to completion
  • Develop and present findings and remediation reports to audiences including team members from all department areas and levels of the company
  • Coordinate, schedule and perform routine internal application, network, system and infrastructure penetration testing
  • Perform security reviews of software designs and assist developers to ensure quality and robustness of our internal products
  • Examine communications protocols and data storage mechanisms for security risks
  • Validate, address and document responses to security findings from third-party penetration testing engagements
  • Conduct security assessments against web applications and APIs across a variety of technology stacks
  • Ensure adequate security requirements and privacy by design are built into all architecture/infrastructure/projects
  • Serve as a member of the Security Incident Response team as needed
  • Perform other security team relevant duties and responsibilities as assigned

 

Qualifications

Experience / Education / Certifications

  • Bachelor’s degree preferred in Computer Sciences, Information Technology, Information Security or other related field
  • Five (5) years of related work experience, which includes two (2) years of practical experience in security incident management and response and two (2) years of practical experience in threat modeling, penetration testing and/or secure application development
  • Knowledge of TCP/IP networking required
  • Knowledge of penetration testing methodology required
  • Knowledge of web application attacks and defense strategies including those found in the OWASP Top 10 and Mobile Top 10
  • C|EH Certification or comparable penetration testing certification required.
  • At least one industry standard certification such as Certified Information Systems Security Professional (CISSP) or Security+ highly desired
  • Have an understanding of OS concepts such as scheduling, interrupt handling, virtualization of computing resources
  • Demonstrate an understanding of programming and scripting skills
  • Familiar with application security tools such as Rapid7, Core Impact, BurpSuite Pro, OWASP ZAP, Nmap, Nessus, Metasploit, Kali Linux
  • Experience with an interpreted programming language (PHP, Python, Perl, Ruby, Java, Node.js, JavaScript, etc.)
  • Ability to think outside the box and emulate adversarial approaches
  • Comfortable working independently but able to escalate problems as necessary
  • Willing to guide and mentor fellow team members

 

Skills

  • Team player able to work effectively at all levels of an organization with the ability to influence others to move toward consensus
  • Clear ability to build strong relationships and establish trust with stakeholders at all levels.
  • Excellent verbal and written communications skills – effective communicator who engages well with technical and non-technical audiences alike
  • Strong leadership skills with demonstrated ability to prioritize and execute in a methodical and disciplined manner
  • Ability to solve complex problems in a timely manner by working with multiple stakeholders
  • Ability to manage multiple tasks and work streams effectively
  • Ability to follow detailed procedures and processes with a high degree of accuracy.
  • Customer-focused mindset, with demonstrated skill in managing expectations, providing proactive status updates, and producing high-quality work product
  • Experience managing projects through the full system development lifecycle
  • Multiple language abilities preferred – fluency in English (written and spoken) required
  • Flexibility to travel as required up to 25% overnight travel

 
