What are the responsibilities and job description for the Penetration Tester (white box) & Vulnerability position at Request Technology, LLC?
Job Details
NO SPONSORSHIP
Penetration & Vulnerability Testing (white box)
SALARY: $180k - $190k plus 15% bonus
LOCATION: CHICAGO
3 days in office
Must be strong with a slew of the penetration testing tools listed in the job description
The Security Penetration Tester will focus on testing consisting of threat intelligence gathering, network & web application penetration testing, Cloud security testing, physical security testing, mobile device security testing, and more.
The ideal candidate will have extensive experience in more than one of the following: Open-Source Intelligence, Network Penetration Testing, Web Application Testing, Mobile Application and Device Testing, as well as a deep knowledge of scanning tools and vulnerability enumeration. Experience testing database servers using Python scripting and automation is also expected.
- Assist the Security Penetration Testing Team to perform testing based on organizationally defined scope with strict adherence to the agreed-upon rules of engagement.
- Conduct various Security Penetration Testing Team activities such as: Intelligence Gathering, Network/Operating System/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing, Cloud Security Testing, etc.
- Conduct ad-hoc white-box penetration testing of infrastructure that is still in Development or in need of pre-Production penetration testing.
- Coordinate with IT owners to re-test and validate remediated Security Penetration Testing Team findings
- Execute Open Source Intelligence Collection and Analysis Techniques (OSINT); leverage available resources and develop custom tools.
- Understand vulnerabilities and develop relevant exploits for use during Security Penetration Testing Team activities.
- Verify vulnerability false positives
- Perform security risk assessment, threat analysis and threat modeling.
- Perform independent reviews of security, network, and applications.
- Plan/Design/Execute security related activities and create artifacts.
Qualifications:
The requirements listed are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the primary functions.
- Excellent focused domain areas of expertise as well as a good breadth of experience across Network/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Penetration Testing, Infrastructure Development, Open Source Intelligence, and more.
- Proven due diligence and research ability via open-source avenues and technology.
- Strong familiarity with enterprise technologies; strong technical background and understanding of security-related technologies; prefer operational experience as an administrator, engineer, or developer and direct experience testing in commercial cloud environments (AWS, Azure, IaaS/PaaS/SaaS).
- Good applicable knowledge of policy and procedure development, systems analysis, Information Assurance (IA) policy, vulnerability management, and risk management
- Good understanding of regulatory standards including CSF, NIST, PCI, SSAE 16, SAS 70, HIPAA, FIPS 199, COBIT 5 and others as needed.
- Strong knowledge of cryptography
Technical Skills:
- Strong proficiency in Network, Web Application, Cloud, and Mobile Device security testing
- Demonstrated exploit and vulnerability experience
- Strong proficiency in intelligence gathering.
- Strong experience with custom scripting (Python, PowerShell, Bash, etc.) and process automation.
- Strong experience with database security testing (MSSQL, DB2, MySQL, etc.).
- Strong proficiency with common penetration testing tools (Kali, Metasploit, Nmap, Qualys, Nessus, Nexpose, Burp Suite, Wireshark, Recon-ng, Ettercap/Bettercap, Hashcat, BloodHound, Sublist3r, Rubeus, Mimikatz, CrackMapExec, Exploit-DB, Impacket, etc.).
- Track record of vulnerability research and CVE assignments
Education and/or Experience:
- BS in Computer Science, Information Management, Information Security or other comparable technical degree from an accredited college/university is desired but not required
- 3 years of experience in penetration testing
- 6 years of experience in an Information Assurance or Information Security environment.
Certificates or Licenses:
- Security-related certifications (OSCP, OSWE, OSCE, GPEN, GXPN, GWAPT, ARTE, etc.) highly desired.