Software Guidance & Assistance, Inc. (SGA) is searching for a Vulnerability/Penetration Tester - Applications for a contract assignment with one of our premier financial services clients in Florence, KY.
Responsibilities:
- Work with teammates to consistently learn and share advanced skills and foster team excellence.
- Document and formally report testing initiatives, along with remediation recommendations and validation.
- Conduct tactical assessments that require expertise in application security (web and mobile), physical methods, lateral movement, threat analysis, internal and external network architecture and a wide array of commercial and bring-your-own (BYO) products.
- Develop and maintain tools and scripts used in penetration-testing team processes.
- Train offensive and defensive colleagues on new TTPs and mentor junior teammates.
- Regularly research and learn new TTPs in public and closed forums, and work with teammates to assess risk and implement and validate controls as necessary.
- Arrange and provide support to business units launching new technology applications and services to verify that new products/offerings are not at risk of compromise or information leakage.
- Perform other duties as assigned.
- Bachelor's degree in computer science (preferred), information assurance, MIS or related field, or equivalent.
- At least 3 years' experience in information security administration, offensive tactics, vulnerability assessment and penetration testing, especially as related to ATM and related infrastructure, hardware and applications.
- Proficient in scripting languages such as Python, PowerShell, Bash and Ruby.
- Competent with testing frameworks and tools such as Burp Suite, Metasploit, Cobalt Strike, Kali Linux, Nessus, PowerShell Empire and AutoSploit.
- Experience conducting vulnerability assessments and penetration-testing engagements as a consultant or within a previous role in a professional organization.
- Strong operating system knowledge across *nix and Windows; proficient with networking protocols.
- Familiarity with defensive and monitoring technologies such as intrusion prevention/detection systems (IPS/IDS), security information and event management systems (SIEMs), firewalls, endpoint protection (EPP) and endpoint detection/response (EDR) tools, as well as user and entity behavior analytics (UEBA).
- Understanding of OWASP, the MITRE ATT&CK framework and the software development lifecycle (SDLC).
- Proven trustworthiness and history of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating well.
- Self-starter requiring minimal supervision.
- Excellence in communicating business risk and remediation requirements from assessments.
- Analytical and problem-solving mindset.
- Highly organized and efficient.
- Demonstrated strategic and tactical thinking, along with decision-making skills and business acumen.
- Preferably, one or more of the following: OSCP, OSCE, GPEN, GWAPT.
- ID: #23502730
- State: Kentucky Florence 41022 Florence USA
- City: Florence
- Salary: USD TBD TBD
- Job type: Contract
- Showed: 2021-11-26
- Deadline: 2022-01-24
- Category: Software/QA/DBA/etc