Penetration Tester

PrismHR

Job Description

Posted on: 
November 18, 2024

Summary and company overview

Responsibilities

  • Work with different product and IT infrastructure teams to comprehend the business and develop the knowledge required to perform job duties and responsibilities.
  • Document and formally report testing initiatives, along with remediation recommendations and validation.
  • Conduct tactical assessments that require expertise in social engineering, application security (web and mobile), physical methods, lateral movement, threat analysis, internal and external network architecture, and a wide array of commercial and bring-your-own (BYO) products.
  • Conduct discovery and vulnerability assessment of enterprise-wide assets.
  • Manage vulnerabilities across applications, endpoints, databases, networking devices, and mobile, cloud and third-party assets.
  • Develop and maintain tools and scripts used in penetration-testing, vulnerability management, and red team processes.
  • Communicate vulnerability results in a manner understood by technical and non-technical business units based on risk tolerance and threat to the business, and gain support through influential messaging.
  • Work closely with the security operations center (SOC) to leverage intelligence sources, identify new threats in the wild and verify the organization's security posture against them.
  • Liaise with the security engineering team to improve tool usage and workflow, as well as with the advanced threats and assessment team to mature monitoring and response capabilities.
  • Regularly research and learn new TTPs using a variety of sources, and work with teammates to assess risk and implement and validate controls as necessary.
  • Arrange and provide support to business units launching new technology applications and services to verify that new products/offerings are not at risk of compromise or information leakage.
  • Occasionally attend and participate in change management policy discussions and meetings.
  • Understand breach and attack simulation solutions and work with the team to validate controls effectiveness.
  • Maintain and track third-party assets, their vulnerability state, remediation recommendations, overall security posture and potential threat to the business.
  • Perform other duties as assigned.

Job Requirements

  • At least 5-7+ years' experience in information security administration, offensive tactics, monitoring and IR.
  • Proficient in scripting languages such as Python, PowerShell, Bash and Ruby.
  • Competent with testing frameworks and tools such as Burp Suite, Metasploit, Cobalt Strike, Kali Linux, Nessus, PowerShell Empire and AutoSploit.
  • Experience conducting penetration-testing/red team engagements as a consultant or within a previous role in a professional organization.
  • Strong operating system knowledge across *nix, Windows, and Mac; proficient with networking protocols.
  • Familiarity with defensive and monitoring technologies such as intrusion prevention/detection systems (IPS/IDS), security information and event management systems (SIEMs), firewalls, endpoint protection (EPP) and endpoint detection/response (EDR) tools, as well as user and entity behavior analytics (UEBA).
  • Understanding of OWASP, the MITRE ATT&CK framework and the software development lifecycle (SDLC).

Experience:

  • Bachelor's degree in computer science (preferred), information assurance, MIS or related field, or equivalent.
  • 5-8 years of related experience required.
  • Proven trustworthiness and history of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating well.
  • Self-starter requiring minimal supervision.
  • Excellence in communicating business risk and remediation requirements from assessments.
  • Analytical and problem-solving mindset.
  • Highly organized and efficient.
  • Certifications: preferably one or more of the following: OSCP, OSCE, GPEN, GWAPT, CISSP.
