Qualifications
4 years experience or equivalent knowledge and exposure are required with most of the following:
An understanding of attack surface management tools, including their capabilities and limitations
Deep understanding of reconnaissance types and techniques
Strong communication and interpersonal skills, including experience with technical and non-technical teams
Excellent analytical and problem-solving skills, with the ability to analyze complex data sets, and provide recommendations for mitigating risk
Familiarity with big data technologies, data analysis and visualization tools: Tableau, Spark, Hive, Hadoop, etc.
Experience with program management tools: ServiceNow, JIRA, Confluence, etc.
Conducting Vulnerability Assessments and Penetration Testing (application and/or infrastructure) and articulating security issues to technical and non-technical audience
Identifying, researching, validating, and exploiting different, known, and unknown security vulnerabilities on the server and client side
Leveraging the MITRE ATT&CK Framework
Red Team testing tools: Cobalt Strike, Red Team Toolkit, etc.
Vulnerability Assessment tools: Nessus, Qualys, etc.
Exploitation frameworks: Metasploit, CANVAS, Core Impact
Social Engineering campaigns: email phishing, phone calls, SET
Deep understanding of OSI model and OWASP
Security devices: Firewalls, VPN, AAA systems
OS Security: Unix/Linux, Windows, OSX
Understanding of common protocols: HTTP, LDAP, SMTP, DNS
Web application infrastructure: Application Servers, Web Servers, Databases
Web development and programming languages: Python, Perl, Ruby, Java, .Net