What are the responsibilities and job description for the Penetration Testing/Red Team Testing position at KTek Resourcing?
8 years of working experience and strong understanding of application vulnerability assessment and
penetration testing
Working experience and good hands-on understanding of manual penetration testing and updated with
latest tactics, techniques and procedures for complex applications/ APIs
Proficiency with vulnerability assessment & penetration testing tools (Burp Suite, OWASP ZAP, and other
commercial and open-source tools)
Strong expertise in planning and create penetration testing methods, scripts and test cases
Good Understanding of IT security policy, procedure, design, and implementation
Ability to analyze and investigate security-related vulnerabilities and identify false positives
Strong understanding of architecture diagrams and evaluating complex applications/ APIs
Strong information security threat and risk-based prioritization and triaging abilities
Solid foundation of common software vulnerabilities and their remediation/ mitigation techniques
Working knowledge of regulatory and industry security standards (e.g. GDPR, HIPAA, PCI DSS, SOX, NIST,
DORA and GLBA)
Working knowledge of penetration testing using industry best practices such as OWASP top 10, CWE/
SANS TOP 25 standards and Threat-Led Penetration Testing (TLPT)
Proficiency with documenting and reporting security issues and vulnerabilities, providing
recommendations for remediation and demonstrating/ explaining to a wide audience
Relevant certifications (e.g., OSCP, CEH, CISSP) are a plus
Red Team Testing::
10 years of proven experience in red team operations, penetration testing, and vulnerability assessment
Strong knowledge of attack techniques, tactics, and procedures (TTPs)
Proficiency with red team tools (e.g., Cobalt Strike, Metasploit, BloodHound, etc.)
Familiarity with programming and scripting languages (e.g., Python, PowerShell, Bash)
Understanding of network protocols, operating systems, cloud security, and security technologies
Experience with social engineering and phishing campaigns
Knowledge of lateral movement and privilege escalation techniques
Understanding of cryptographic principles and secure communication protocols
Knowledge of threat modeling and risk assessment methodologies
Experience with incident response and forensic analysis
Proficiency with conducting advanced penetration testing and adversarial simulations to identify security
vulnerabilities
Proficiency with developing and executing test plans, scripts, and procedures for red team operations
Working knowledge of regulatory and industry security standards (e.g. GDPR, HIPAA, PCI DSS, SOX, NIST,
DORA and GLBA)
Working knowledge of penetration testing using industry best practices such as OWASP top 10, CWE/
SANS TOP 25 standards and Threat-Led Penetration Testing (TLPT)
Proficiency with documenting and reporting security issues and vulnerabilities, providing
recommendations for remediation and demonstrating/ explaining to a wide audience
Collaborate with blue team (defensive) counterparts to improve overall security posture
Relevant certifications (e.g., OSCP, CRTO, CEH, CISSP) are a plus
