Network Pen Tester
3 weeks ago
The Network Pen Tester is responsible for assisting the Lead for the team in helping to define the strategic approaches used by the team to support how we develop our differing approaches to the methodologies used for security pen testing. This role will perform hands-on penetration testing and security testing against applications, networks, cloud and wireless environments. This role is a practitioner with extensive experience in security testing and will also be involved helping with the creation of scripts and security tests. The ideal candidate is passionate about breaking into any system or application, consistently working to improve the security of the products tested during engagements.
Responsibilities:
- Perform offensive security testing of applications, both manual and automated.
- Perform network security testing for networks, cloud infrastructure, and servers.
- Guides the strategy, approach and development of robust security & risk controls verification techniques and capabilities
- Analyze security policies
- Conduct security audits
- Write security assessments reports
- Provide remediation guidance to the impacted solution or network owners.
- Support the risk assessment processes by weighing in as technical security SMEs.
Qualifications:
- 5+ years of experience penetration testing applications
- 3+ years penetration testing networks, cloud applications and containers
- Strong capabilities in identifying and exploiting web vulnerabilities
- API and PCI testing experience preferred
- Strong knowledge of cloud and container security technologies
- Good scripting capabilities in Python, Bash Shell, Powershell
- Experience with GraphQL and JSON preferred
- Strong working knowledge of structured security guidelines
- Scripting experience in Bash, Java, .Net, Python or Ruby
- Experience finding vulnerabilities in both off-the-shelf and open-source components
- Experience testing web applications & thick applications
- Strong understanding of network protocols, routing, firewalls, and network security technologies.
- Experience in exploitation, Firewall bypasses, antivirus evasion
- Ability to communicate with stakeholders at multiple levels, including remediation for vulnerabilities identified.
- Ability to write clear reports on solutions or networks tested
- Secure code review experience is preferred
- OSCP/OSWE preferred
- Experience with secure development and security features required by cloud infrastructure is preferred
- Clear understanding of the challenges offered by information security, privacy, and compliance
- Strong working knowledge of structured security guidelines Generic Skills:
- Demonstrates excellent organizational direction, time management, problem-solving, prioritization, goal setting, leadership, motivation, negotiation, and interpersonal relations
- PCI testing experience preferred
- Strong knowledge of cloud and container security technologies
- Good scripting capabilities in Python, Bash Shell, Powershell
- Experience with GraphQL and JSON preferred
- Strong working knowledge of structured security guidelines
- Demonstrates excellent organizational direction, time management, problem-solving, prioritization, goal setting, leadership, motivation, negotiation, and interpersonal relations
Location - Remote, anywhere in the US
Pay Rate $55-$65/hr. C2C, W2 or 1099
