Vulnerability Management Analyst

Penetration Tester

Core BTS, Inc. Remote Contract to Hire

Through Core BTS Resource Management Services (RMS), we offer custom talent solutions to help our clients meet their evolving technology and business needs. We help effectively match the right technology professional to their organization, recruiting for contract, contract-to-hire, and direct roles. Our client in (area/region) has an immediate need for a (job title).Please note that this is a (contract/contract to hire/direct hire) opportunity with our client and NOT with Core BTS.

Location: Remote Full Time

Summary

Core BTS is looking for a Penetration Tester to join our growing and dynamic Red Team within our security practice. As a member of the security services consulting team, focused on Red Teaming, Penetration Testing, Vulnerability Assessments and Management, you will work in a collaborative environment to assist clients in the evaluation and remediation of security risks.

Essential Duties

Perform Red Team, Penetration Testing, and Social Engineering activities within Offensive Security Assessment projects.

Draft detailed vulnerability and risk remediation recommendations, reports, and plans for clients and the security findings of their vulnerability management processes.

Provide both technical-level and business-level reports, including presentations to articulate cybersecurity risks and recommendations.

Perform advanced technical cyber security assessments, including Penetration Testing and Red Team engagements, as required.

Monitor trending security vulnerabilities and risks within the industry, including weaponization of vulnerabilities and zero-day vulnerabilities.

Track high-severity vendor security updates and patches.

Technical Skills

Required

Penetration Testing Tools (such as, Metasploit, Cobalt Strike, etc.)

Tenable Vulnerability Product Suite (including, Tenable.sc,

Nessus Manager, and/or Nessus Professional)

Network Scanning Tools (including, NMAP and/or equivalent port/protocol scanning tools)

Microsoft Azure and/or Windows Security Policy Administration

Microsoft Active Directory Attacking Experience

Microsoft Windows and GNU/Linux Proficiencies (including, Command Line Interface access)

Application Vulnerability Scanning (such as, VeraCode, Snyk, SonarQube BurpSuite Professional, and/or equivalent web development security tools)

Web Application Security Testing (such as, BurpSuite, OWASP ZAP, Nikto, and/or equivalent web application testing tools)

Knowledge of the MITRE ATT&CK Framework

Preferred

Additional Vulnerability Scanning and Analysis Platforms (such as, Qualys, Nexpose, OpenVAS, etc.)

Scripting and/or Coding (such as, Perl, Python, Ruby, C/C++, Go, etc.)

Microsoft Windows System Administration

GNU/Linux System Administration (including, Debian and Red Hat derivative distributions)

Professional Experience

Required

Penetration Testing and/or Red Teaming

Vulnerability Assessments and/or Vulnerability Management

Technical and/or Offensive Security Assessment Report drafting and delivery

Technical Vulnerability Risking, Ranking, and Prioritization

Three or more (3+) years of experience in Cybersecurity (Vulnerability Management, Penetration Testing, Red Teaming, etc.)

Preferred

Vulnerability Research and/or Exploit Development

Cybersecurity Risk Management Lifecycle

Security Guidance and Consulting

Five or more (5+) years of experience in Cybersecurity (Vulnerability Management, Penetration Testing, Red Teaming etc.)

Education and Certifications

Required

Degree or equivalent professional experience in Cybersecurity or Information Technology

CompTIA Security+, or other entry-level cybersecurity knowledge certification

Practical Network Penetration Tester (PNPT)

OR Offensive Security Certified Professional (OSCP) and Offensive Security Wireless Professional (OSWP)

Preferred

Bachelors Degree in Cybersecurity, Information Technology, or Network Technology, or another related technical field.

One of the Following:

GIAC Certified Penetration Tester (GPEN, GXPN)

Certified Red Team Operator (CRTO)

Certified Red Team Professional (CRTP)