Sr. Penetration Tester
· Conduct penetration test scoping/kick-off meetings with technology business stakeholders, document scope and schedule testing window
· Lead web application, mobile, API and network penetration testing within the designated scope and rules of engagement
· Provide technical guidance for remediation of findings, collaborating with other CIS teams as necessary
· Provide mentoring and training to junior members of attack surface management team
· Perform required audit related tasks from internal audit, SOX and PCI activities.
· Interface & support other CIS organizations such as Incident Response, Governance, Risk and Threat Intelligence as necessary
· Maintain and compose operational process documentation regarding program execution.
· Maintain and grow penetration testing tool suites and automation of tasks through the use of commercial and open source products
· Perform Red Team activities in coordination with cyber defense center and incident response teams to validate Blue team monitoring & detection processes
Qualifications
· Bachelor's degree in Computer Science, Information Technology, Cyber Security, or related discipline or equivalent experience.
· 7 years of IT professional experience, with 3 years of Information Security experience, with previous penetration testing or application security background
· Strong understanding of a variety of technical concepts such as: Application development, networking, systems administration, and information security practices
· Strong technical understanding of web application development, security flaws and remediation
· Demonstrated experience with a variety of open source and commercial testing tools in areas such as web interception proxies, packet capture, debugging and API interaction.
· Experience with data analytics with the ability to provide qualitative analysis and recommendations
· Strong verbal and written communication skills to clearly convey both technical
· Experience with and knowledge of performing security tasks within AWS or Azure cloud environments
· Ability to develop strong working relationships with a variety of other enabling teams.
· Strong attention to detail, data accuracy, and data analysis.
· Self-motivated and operates with a high sense of urgency and a high level of integrity.
Strongly Preferred
· Certifications such as GIAC Web Application Penetration Testing (GWAPT), Offensive Security Certified Professional (OSCP) or GIAC Penetration Testing (GPEN) are strongly preferred.
· Previous experience working in large scale environments with diverse technologies.
· Ability to automate technical tasks through use of APIs or scripting