What are the responsibilities and job description for the Penetration Tester position at RED SKY Consulting?

Job Title : Penetration Tester

Location : Remote in PST, MST or CST

Type : 6 Month Contract to Hire

Position Overview :

The primary responsibility of the Sr. DevSecOps Engineer - Cyber Security is to act as technical lead in support of technologies that enable the companies' cyber security goals and objectives, securing the confidentiality, integrity and availability of software and computer information systems. The role will serve as a security engineer for software development, supporting technologies that facilitate security of the software products and services. You will utilize various tools and techniques to identify vulnerabilities and weaknesses in client systems, providing detailed reports and recommendations for remediation. This role requires a deep understanding of cyber security principles, hacking methodologies, and a commitment to staying up-to-date with the latest threats and defense strategies.

Additional key responsibilities of role include review of vulnerabilities identified by application security technologies and processes and provide the true positive results to the appropriate software development teams, and coordination with those teams to support their triage and remediation efforts for identified, valid vulnerabilities.

Essential Duties & Responsibilities :

Assist in developing a comprehensive security program to support various Software Development Lifecycles (SDLCs) and ensure that such developed software is free of security vulnerabilities.
Conducting and leading comprehensive penetration tests on client networks, systems, and applications.
Identifying security vulnerabilities, misconfigurations, and weaknesses in target environments.
Utilizing automated scanning tools and manual testing techniques to exploit vulnerabilities.
Documenting findings, methodologies, and recommendations in clear and concise reports for clients.
Evaluate SDLCs and advise on applicable application security technologies and integration points.
Implement application security technologies with SDLCs, including integration of technology, workflows, documentation, training, and other functions necessary to enable stakeholder success.
Support developer teams in managing day to day cyber security processes pertaining to development of software.
Provide technical guidance to developers as it relates to cybersecurity.
Ensure the reliable operation of application security technologies that support program objectives.
Work with quality assurance teams to ensure that software is sufficiently analyzed by application security technologies and processes.
Work with software development teams to help prioritize and validate urgency of mitigation of identified product vulnerabilities and security feature enhancement requests.
Perform code analysis of large applications, manually and using SAST and DAST scanning solutions as well as conducting vulnerability analysis.
Provide remediation guidance and recommendations to developers and administrators.
Support development of incident response exercises to support development of approaches to respond to use case driven alerts and incidents.
Perform security configuration reviews of our products to ensure that they are in alignment with company established best practices.
Maintaining ethical standards and confidentiality while conducting penetration testing activities.

Minimum Qualifications :

21 years of age.

Proof of authorization to work in the United States.

Must be able to obtain and maintain a Nevada Gaming Control Board Registration and any other certification or license, as required by law or policy.

Any of the following combinations of education, professional experience, or both :

At least 6 years of experience in a relevant DevSecOps role and technical degree in computer / information science; or

At least 6 years of related field work experience in Penetration Testing and / or Cloud Security, at least 2 years of which in a software development role, and at least 2 years of which in a cyber security role and technical degree in computer / information science; or

At least 10 years of relevant field experience in Penetration Testing and / or Cloud Security, at least 2 years of which in a software development role, and at least 2 years of which in a cyber security role.

A strong understanding of cybersecurity fundamentals relating to software development.

Experience developing software utilizing at least two of the following coding languages : C#, GoLang, .NET, NodeJS, Java, C , PHP, Python, or others.

Proven experience in conducting penetration tests and security assessments across a variety of environments.

Advanced proficiency with penetration testing tools such as Metasploit, Nmap, Burp Suite, and Wireshark.

Relevant certifications such as Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), or GIAC Penetration Tester (GPEN) are required (at least one).

Demonstrated experience working with technical and non-technical staff.

Strong collaboration and communication skills.

Basic knowledge of a broad range of IT Security, Controls and Service Delivery standards and frameworks, for example : International Standards Organization (ISO) 27001, IT Infrastructure Library (ITIL), Control Objectives for IT (CoBIT)

Experience with CSP infrastructure, such as that on Amazon Web Services (AWS), Google Cloud Platform (GCP), or Microsoft Azure Cloud

Experience with at least three of the following technology spaces (more is preferred) : SAST, SCA, DAST, IAST, Fuzz Testing, ASPM, Threat Modeling, and similar.

Experience validating software development processes meet cybersecurity requirements.

Experience analyzing code for weaknesses and errors and overseeing plans to improve code.

Safety, consistency in schedule, and regular attendance are essential functions of this job.

Provide off-hours support on an infrequent, but as needed basis. (Potential shifts may run 24 / 7 due to the need of the business).

On an infrequent, but as needed basis, must be able to work varied shifts, including nights, weekends, and holidays.

Willingness to perform other related duties as assigned. Additional Experience Preferred :

Professional certification in both cybersecurity and software development preferred.

Experience as an application or product security engineer.

Experience in software development of enterprise applications.

Experience in a technical consulting / professional services role, preferably in cyber security, or software development.

Proficiency with multiple front-end, back-end, and scripting programming languages and demonstrated ability to become proficient with new programming languages and technologies.

Strong familiarity with common vulnerabilities and attack vectors.

Knowledge of web service technologies, load balancer services (i.e. Nginx, Cloudflare, F5, etc.) and RESTful APIs.

Knowledge of ubiquitous encryption technologies (PGP, SSH, SSL, etc.) and common authentication protocols (OpenID Connect, OAUTH, SAML, RADIUS, LDAP, KERBEROS, etc.).

Solid understanding of secure network and system design in both cloud (AWS, Azure, etc.) and conventional environments.

THIS IS A GREAT OPPORTUNITY WITH A FIRST-CLASS COMPANY

Penetration Tester

RED SKY Career Opportunities at : redskyconsulting.co / career-portal

Penetration Tester

RED SKY Consulting Candidate and Client Referral Program!

2500

Do you know other IT professionals?

Turn those relationships into Money & help friends get work

RED SKY Consulting is offering a fantastic opportunity for you to earn extra money.

If you refer to us a Manager of people or skilled professionals, we will link your name to that person for 18 months.

If we employ or place that individual or place people into that company thru that manager

Penetration Tester

RED SKY Consulting Company Overview :

We are an IT and Cybersecurity staffing solutions, professional services, management consulting, and executive placement company with thousands of resources across multiple IT and Cybersecurity skill sets. Our primary US locations are Chicago, New York, Los Angeles, Atlanta, Nashville, Tampa and Denver and we have organizational arms in other domestic cities along with offshore alliances in India and Ireland. RED SKY has a 15 year history of providing great technology talent. RED SKY has many clients including; 7 of the Fortune 10, half of the Fortune 100, and 25% of the Fortune 500 companies within the manufacturing, financial services, health care, government, consumer services, insurance, and several other industry verticals represented.

The RED SKY Foundation is being formed and will be providing fully funded college educations to underprivileged young adults in partnership with our clients starting 2022.

Keys : Penetration Tester, Cybersecurity, DevSecOps, SAST, DAST, SCA, Penetration Tester, Cybersecurity, DevSecOps, SAST, DAST, SCA, Penetration Tester, Cybersecurity, DevSecOps, SAST, DAST, SCA, Penetration Tester, Cybersecurity, DevSecOps, SAST, DAST, SCA

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Apply for this job

Receive alerts for other Penetration Tester job openings

Penetration Tester

What are the responsibilities and job description for the Penetration Tester position at RED SKY Consulting?

What is the career path for a Penetration Tester?

Job openings at RED SKY Consulting

Not the job you're looking for? Here are some other Penetration Tester jobs in the Las Vegas, NV area that may be a better fit.

We don't have any other Penetration Tester jobs in the Las Vegas, NV area right now.

AI Assistant is available now!