Penetration Tester

Emagine IT is seeking a highly skilled Cloud Security Penetration Tester to join our team. As a Cloud Security Penetration Tester, you will be responsible for facilitating Penetration Tests, Threat Hunting exercises, and Continuous Monitoring Activities within cloud-based environments.

You will work in a team atmosphere with an experienced Sr. Consultant Project Lead, and you will be assigned technical sections and provide client-ready deliverables.

• Execute testing procedures in accordance with NIST SP 800-53A Revision 4
• Test for vulnerabilities, validate exploitable vulnerabilities within network, cloud, web, and mobile environments
• Perform Social Engineering campaigns, including email phishing, spear phishing, phone pretext calling
• Develop Rules of Engagement, Penetration Test Plans, Penetration Testing report, PowerPoint presentations for kick-off and closing of client engagements
• Author recommendations based on findings to improve security postures compliant with NIST controls
• Penetration Testing/Threat Hunting (75%); Advisory/Consulting (25%)

• Bachelor's degree (4-yr college or university) or equivalent combination of education and experience
• Minimum three (3) years of experience in IT industry with strong familiarity with NIST Special Publications (SP Revision 1, Revision 4, and 800-53A Revision 1, PCI-DSS, SOX, HIPAA)
• Strong written and verbal communication skills including the ability to explain technical matters to non-technical audiences
• Strong NIST experience (in order of preference): NIST SP 800-53, FedRAMP, RMF, FISMA, NIST SP
• Ability to independently lead small, less complex system assessments
• Ability to assist team members with proper artifact collection and detail to client's examples of artifacts to satisfy assessment requirements
• At least one of the following certifications in order of preference: CISA, CISM, CRISC, CGEIT, CCSP, CISSP, and/or CAP certification
• Must have a Penetration Testing Certification - order of preference: OCSP, GIAC-GPEN, LPT
• Second certification in order of preference to be obtained within 6 months or by conversion date: CISA, CISM, CRISC, CGEIT, CCSP, CISSP, or CAP
• Candidate must perform 'CTF' style penetration test including presentation of findings prior to offer of employment

• Experience reviewing Nessus output
• Basic knowledge of networking components and various operating systems in a cloud environment, including UNIX and Microsoft
• Expertise in other Security Frameworks (ISO, NIST, COBIT, HIPAA/HITECH, etc.) and regulatory requirements
• Experience with Amazon Web Services, Microsoft Azure, Google Cloud, etc.
• Project management experience or certification (PMP)
• Must be eligible for Secret Clearance or Public Trust
• This role cannot sponsor Visa candidates.

Emagine IT is an information technology consulting services company that specializes in delivering technology solutions. Our reputation reflects the high quality of the talented Emagine IT team and the consultants working in partnership with our customers.

Our mission is to understand and meet the needs of both our customers and consultants by delivering quality, value-added solutions.

Our solutions are designed and managed to not only reduce costs, but to improve business processes, accelerate response time, improve services to end users, and give our customers a competitive edge, now and into the future.