We are seeking a Vulnerability and Penetration Tester. A vulnerability and penetration tester will perform security assessment testing on client computer systems, networks, and applications. The role involves creating new testing methods to identify vulnerabilities and performing physical security assessments of systems, servers, and other network devices to identify areas requiring physical protection, including planning and executing tests and documenting your methodologies. In addition, the tester will be required to create detailed reports about security findings, develop the proper security remediation, and assist in improving the client’s security environment.
• Perform vulnerability and penetration tests on computer systems, networks, and applications
• Create new testing methods to identify vulnerabilities
• Perform physical security assessments of systems, servers, and other network devices to identify areas that require physical protection
• Pinpoint methods and entry points that attackers may use to exploit vulnerabilities or weaknesses
• Search for weaknesses in common software, web applications, and proprietary systems
• Research, evaluate, document, and discuss findings with IT teams and management
• Review and provide feedback for information security fixes
• Establish improvements for existing security services, including hardware, software, policies, and procedures
• Identify areas where improvement is needed in security education and awareness for users
• Be sensitive to corporate considerations when performing testing (i.e., minimize downtime and loss of employee productivity)
• Stay updated on the latest malware and security threats
In addition to the skills described above, an unwritten part of your job description as a penetration tester is the ability to “think like the enemy” in order to combat the full range of techniques and strategies that hackers might employ, and even to anticipate new ones.
● Strong verbal and written communication skills.
● Familiarity with compliance and security standards.
● Experience in conducting HIPAA, PCI, SOC 2, ISO, GDPR, and NIST assessments.
● Familiarity with Nessus, Burp, Metasploit, and other assessment tools.
Preferred Minimum Experience/Education:
● Should have 3-5 years of hands-on experience.
● Hands-on technical experience with the Python, Perl, or Go programming languages.
● Public Sector experience is a plus.
● Cisco experience is a plus.
● ISMS experience is a plus.