Penetration Tester

Penetration Tester

PPH-Domestic-Core-IZ

Full Time

82263BR

Job Summary

We are seeking an experienced Penetration Tester specializing in web application testing. The incumbent will be responsible for conducting comprehensive assessments of our web applications to identify vulnerabilities and improve security. This position supports the California Immunization System and involves work implementing and maintaining measures to safeguard the system from unauthorized access, data breaches, and cyber threats. This position will:

1. Conduct penetration testing on web applications to identify vulnerabilities that could be exploited by adversaries.
2. Perform white-box, gray-box, and black-box testing of enterprise applications and assets, and provide actionable reports to technical teams and stakeholders.
3. Collaborate with the Information Security Office (ISO) and system owners to define the rules of engagement (ROE) for penetration testing in production environments.
4. Conduct pretest analysis based on full knowledge of the target system and pretest identification of potential vulnerabilities based on pretest analysis.
5. Test to determine the exploitability of identified vulnerabilities.
6. Document the results of the penetration testing, including what vulnerabilities were detected and exploited and how to remediate them.
7. Conduct follow-up penetration testing to confirm that vulnerabilities found in the original test were remediated successfully.

The position will be working with the Information Security Engineering and System Engineering Domains.

Required Qualifications

• Bachelor's degree in related area and/or equivalent experience/training.
• Minimum 3+ years experience in Penetration Testing.
• Experience using IT security systems and tools. Knowledge of data encryption techniques.
• Demonstrable skills and experience that include technical expertise in network, operating system, and/or application-level security.
• Knowledge of and experience with current adversarial tactics, techniques, procedures, and tools.
• Familiarity with NIST SP800-53 Revision 5 and other relevant security and privacy controls.
• Excellent communication skills to effectively report findings and recommendations.
• Basic skill at reading and interpreting security logs.
• Ability to follow department processes and procedures.
• Interpersonal skills sufficient to work effectively with both technical and non-technical personnel at various levels in the organization.
• Knowledge of other areas of IT, department processes and procedures.
• Demonstrated skills applying security controls to computer software and hardware.
• Knowledge of computer hardware, software and network security issues and approaches.

Preferred Qualifications

• GIAC Web Application Penetration Tester (GWAPT).
• GIAC Certified Penetration Tester (GPEN).
• PenTest+.
• Experience with Burp Suite and Metasploit.
• Offensive Security Certified Professional (OSCP).
• Certified Expert Penetration Tester (CEPT).

About UCSF

The University of California, San Francisco (UCSF) is a leading university dedicated to promoting health worldwide through advanced biomedical research, graduate-level education in the life sciences and health professions, and excellence in patient care. It is the only campus in the 10-campus UC system dedicated exclusively to the health sciences. We bring together the world's leading experts in nearly every area of health. We are home to five Nobel laureates who have advanced the understanding of cancer, neurodegenerative diseases, aging and stem cells.

Pride Values

UCSF is a diverse community made of people with many skills and talents. We seek candidates whose work experience or community service has prepared them to contribute to our commitment to professionalism, respect, integrity, diversity and excellence - also known as our PRIDE values. In addition to our PRIDE values, UCSF is committed to equity - both in how we deliver care as well as our workforce. We are committed to building a broadly diverse community, nurturing a culture that is welcoming and supportive, and engaging diverse ideas for the provision of culturally competent education, discovery, and patient care. Additional information about UCSF is available at diversity.ucsf.edu.

Equal Employment Opportunity

The University of California San Francisco is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.

Location

Richmond, CA

Work Style

Hybrid

Shift

Days

Shift Length

8 Hours

#J-18808-Ljbffr

---