Job Description

:

Your Responsibilities

? Participate in Security Assessments and Perform penetration tests on web-based applications, networks and computer systems,

? Design and create new penetration tools and tests

? Probe for vulnerabilities in web applications, fat/thin client applications and standard applications

? Employ social engineering to uncover security holes (e.g. poor user security practices or password policies)

? Participate and lead red teaming, fuzzing, source code review and reverse engineering.

? Work on improvements for provided security services, including the continuous enhancement of existing methodology

material and supporting assets

? Incorporate business considerations (e.g. loss of earnings due to downtime, cost of engagement, etc.) into security

strategies

? Review and define requirements for information security solutions

? Work on

o improvements for security services, including the continuous enhancement of existing methodology material and supporting assets

o ensuring technical aspects and business processes are aligned

? Define and enable specific action plans to attain and maintain compliance to minimum requirements, security standards and project specific requirements.

? Research, document, present and discuss security findings with management and IT teams.

? Work closely with Sales in design and architecting of comprehensive security solutions for customers.

? Participate in customer facing discussions and workshops to explain solutions, and approaches to addressing customer risk

and security challenges.

Requirements

Must Have Requirements

? CREST or OSCE Certifications

? At least 2 years full-time experience conducting the following types of penetration tests:

o Servers and clients (Windows and Linux) o Web applications (including APIs)

? Experience using Kali Linux

? Familiar with penetration testing tools and frameworks, such as:

o Nessus

o Burp Suite o NMAP

o Metasploit o Fortify

o AppScan

? Experience performing digital forensic investigations (including maintaining integrity and chain-of-custody of evidence)

? Familiar with AWS, Azure, and/or GCP

? Familiar with the OSI model and attack vectors at each layer

? Familiar with cryptographic principles

? Good team player, with excellent verbal and written communication skills.

? Ability to take ownership of an initiative/issue through completion

Great to Have Requirements

? Familiar with cloud-native penetration testing (serverless architectures such as functions and containers)

? Familiar with reverse engineering binary applications

? Experience with automation and scripting in any of the following languages:

? Familiar with git or other source control methodologies

? Experience in consulting assignments to assess organizational security posture, develop security roadmaps and remediation

plans, etc.

? Experience in technically supporting sales and customer engagements through presales and other advisory activities.

o Shell, bash, zsh, etc.

o PowerShell

o Python (Python 3 preferred)

Formal Education

? Degree in Computer Science, Information Systems, Engineering, Digital Forensics or equivalent qualifications is preferred.