Penetration Tester / Security Assessor

Creates cyber-intelligence tools / methods and performs research and analysis in order to mitigate and eliminate data and cyber security risks. Designs and develops acceptance criteria for cybersecurity architecture.

• Perform infrastructure penetration testing to discover and exploit vulnerabilities to test the effectiveness of the organization’s security posture. 
• Perform web application penetration testing to identify and exploit OWASP Top 10 web application vulnerabilities.
• Leverage threat intelligence to emulate known threat actors’ tactics, techniques, and procedures. 
• Partner with various cybersecurity teams to improve automation and detection of threat actors.
• Engage with technical and non-technical audiences to articulate both techniques and results. 

Minimum Qualifications

• Bachelor’s Degree in Computer Science or a related field or equivalent experience.
• 5-10 years of experience in systems security with a minimum of 2+ years in information security, penetration testing, or ethical hacking.

Other Job Specific Skills

• Must possess demonstrated experience planning and conducting penetration tests against networks and web applications.
• Demonstrated experience conducting vulnerability assessments and penetration tests.
• Expertise with tools such as Bloodhound, Burp Suite, Cobalt Strike, Metasploit, and Mimikatz.
• Hands-on experience with penetration testing tools and frameworks.
• Portfolio of security assessments or CTF achievements (preferred).
• Experience with network scanning, enumeration, and exploiting vulnerabilities.
• Proficiency in Windows, Linux, and macOS environments.
• Understanding of system hardening techniques and common misconfigurations.
• Knowledge of programming languages like Python, Ruby, or JavaScript for creating custom scripts and exploits.
• Familiarity with bash, PowerShell, or other scripting languages for automation.
• Understanding of web technologies, including HTML, JavaScript, and SQL.

Preferred Skills

• Experience in identifying and exploiting vulnerabilities in web applications, networks, and systems.
• Familiarity with CVSS (Common Vulnerability Scoring System) and understanding how to prioritize vulnerabilities based on risk.
• Ability to analyze and critique code for security vulnerabilities.
• Familiarity with common vulnerabilities such as SQL injection, XSS (Cross-Site Scripting), CSRF (Cross-Site Request Forgery), and buffer overflows.
• Strong understanding of network protocols, architecture, and components (e.g., TCP/IP, DNS, HTTP, VPNs, firewalls, routers, switches).