Lead Penetration Tester

The Lead Penetration Tester reports to the Enterprise Security Assurance Leader in HGS and will be responsible for detecting and preventing vulnerabilities in application before moving to production. This role will partner with the Architects, Business Stakeholders, Project Managers and Developers to ensure Code, Configuration and Infrastructure are implemented as per Honeywell Secure Policies and Standards to prevent any security exposures in production. He/She will also be accountable for the quality of deliverables, coverage, and completion of the prescribed security assessment/execution on time.

KEY RESPONSIBILITIES

• Review the design, architecture, implementation and create penetration test scope, strategy and plan.
• Perform security reviews of application designs, source code and deployments as required, covering all types of applications (Web application, Web services, Mobile applications, Thick client applications, SaaS, Infrastructure, Cloud and GEN AI)
• Run & analyze the penetration test (Manual & Automated) and pinpoint the security issues and suggest counter measures for security improvements.
• Adept at selecting and utilizing appropriate technologies and security controls to remediate findings effectively.
• Keep up to date with evolving cyber threats and identify any new and sophisticated methods of detecting vulnerabilities and countermeasures.
• Highly customer focused and motivated with willingness to take ownership/responsibility for their work and ability to work both independently and in a team-oriented environment.
• Good understanding of secure software development lifecycle process.
• Knowledge of requirement gathering, planning, and creating test plans.
• Experience in stakeholder management, delivery pipeline and quality management.
• Contribute to the creation of security awareness materials for the organization.

YOU MUST HAVE

• Must be eligible for USG Security Clearance
• Bachelor’s degree from an accredited institution in a technical discipline such as the sciences, technology, engineering, or mathematics
• 10 years of hands-on experience in Security/PEN Testing practices.
• Expert level knowledge in any one of the following programming languages: Python, PowerShell, Java.
• Exceptional behaviors and interpersonal skills, with the ability to convey complex technical concepts to non-technical stakeholders

WE VALUE

• Hands-on experience in application penetration testing (Web, API, Mobile, Thick Client, Network, Cloud, GEN AI) without or with tools such as but not limited to...Kali Linux, Burp Suite, Nmap, ZAP, Metasploit, Nessus, Qualys etc.
• Good Knowledge and experience on OWASP Top 10 Methodologies, SANS Top 25, Mitre/NIST framework and how to effectively remediate vulnerabilities associated with each.
• Relevant certifications such as CISSP, CCSP or OSCP are desirable.
• Should be able to think "out of the box". Possess ability to implement new attack approaches/vectors, and provide technical guidance and mentorship to team members.
• Highly customer focused and motivated with willingness to take ownership/responsibility for their work and ability to work both independently and in a team-oriented environment.
• Excellent oral and written communication skills and ability to convey complex technical concepts to stakeholders.