Pen Tester

Job Title: Pen Tester

Location: NYC/NJ

Duration: Contract

Business Overview: The Cyber Threat Intelligence (CTI) Team specializes in collecting and analyzing information about the cyber threat landscape to assess potential impacts on the firm. The team supports and enhances security by providing situational awareness and actionable intelligence.

Candidate Success Factors:

Results and Impact: Influence peers and team, make high-impact decisions, and drive meaningful outcomes.

Leadership and Collaboration: Build trust with colleagues and lead projects.

Client, Customer, and Stakeholder Focus: Build relationships with colleagues and clients, interact with management, and influence stakeholders.

Compliance Culture and Conduct: Take responsibility for actions, demonstrate courage, and uphold high ethical standards.

Responsibilities:

• Collaborate with Cyber Threat Intelligence in other regions.
• Support Incident Response, Purple team, and Vulnerability Management teams by providing situational awareness on threats.
• Monitor and evaluate cyber threat intelligence from multiple sources.
• Participate in threat modeling processes and methodologies.
• Execute threat hunts to proactively look for malicious activities.
• Conduct testing activities as per the agreed scope and timeline, avoid disruption to business operations, and adhere to industry-standard methodologies (e.g., OWASP).
• Testing methodologies for web applications including injection attacks, XSS, CSRF, broken authentication & session management, security misconfiguration, sensitive data exposure, and insecure direct object reference.
• Use authorized tools (e.g., Burp Suite) and techniques to identify vulnerabilities and assess risk.
• Maintain strict confidentiality and data security practices.
• Offer clarification or additional details on findings as needed, provide general guidance on improving security posture, and support retesting to validate remediation efforts.

Minimum Required Qualifications:

• Strong problem-solving, analytical, and communication skills.
• Solid understanding of IT security concepts and risk assessment.
• Solid understanding of industry-standard OWASP
• Advanced user of Microsoft Excel, Word, and PowerPoint.
• Excellent understanding of networking concepts and emerging threats.
• Demonstrable understanding of Information Technology principles.
• Understanding of the Threat Intelligence Lifecycle.

Preferred Qualifications:

• Bachelor's degree in computer science or engineering with 7 years of experience in an intelligence function in the financial sector.
• Information Security certifications (e.g., CISSP, CISA, CISM).
• Understanding of Tactics, Techniques, and Procedures of cyber threat actors.
• Experience with the Kill Chain, Diamond Model of Intrusion, and other frameworks.
• Experience working with the Kill Chain, Diamond Model of Intrusion, Advanced Persistent Threat, Third Party Risks, Cybercrime, Hacktivism, Cyber Fraud, Malware and Ransomware, Mobile Threats, Social Engineering, Insider Threats, Incident Response, Threat Intelligence, and Host & Network-based security and similar frameworks and concepts
• Working knowledge of Python.