- Conduct penetration test scoping/kick off meetings with technology business stakeholders, document scope and schedule testing window
- Lead web application, mobile, API and network penetration testing within the designated scope and rules of engagement
- Provide technical guidance for remediation of findings, collaborating with other CIS teams as necessary
- Provide mentoring and training to junior members of attack surface management team
- Perform required audit related tasks from internal audit, SOX and PCI activities.
- Interface with and support other CIS organizations such as Incident Response, Governance, Risk and Threat Intelligence as necessary
- Maintain and compose operational process documentation regarding program execution.
- Maintain and grow penetration testing tool suites and automation of tasks through the use of commercial and open source products
- Perform Red Team activities in coordination with Client’s cyber defense center and incident response teams to validate Blue Team monitoring and detection processes
- Bachelor's degree in Computer Science, Information Technology, Cyber Security, or related discipline or equivalent experience.
- 7+ years of IT professional experience, with 3+ years of Information Security experience, with previous penetration testing or application security background
- Strong understanding of a variety of technical concepts such as: Application development, networking, systems administration, and information security practices
- Strong technical understanding of web application development, security flaws and remediation
- Demonstrated experience with a variety of open source and commercial testing tools in areas such as web interception proxies, packet capture, debugging and API interaction.
- Experience with data analytics with the ability to provide qualitative analysis and recommendations
- Strong verbal and written communication skills to clearly convey both technical
- Experience and knowledge of performing security tasks within AWS or Azure cloud environments
- Ability to develop strong working relationships with a variety of other enabling teams.
- Strong attention to detail, data accuracy, and data analysis.
- Self-motivated and operates with a high sense of urgency and a high level of integrity.
- Certifications such as GIAC Web Application Penetration Testing (GWAPT), Offensive Security Certified Professional (OSCP) or GIAC Penetration Testing (GPEN) are strongly preferred.
- Previous experience working in large scale environments with diverse technologies.
- Ability to automate technical tasks through use of APIs or scripting