Cyber Security Engineer - Penetration Tester

Cyber Security Engineer - Penetration Tester

About Us:

Ubicquia revolutionizes critical infrastructure, transforming it into intelligent systems that drive energy efficiency, bolster grid resilience, and streamline operations for utilities and municipalities. Harnessing the power of advanced analytics and AI, Ubicquia processes over 2 billion data points daily, providing insights to optimize the management of streetlights, distribution transformers, and utility poles. Its cutting-edge platforms—featuring sensors, software, and seamless connectivity—are deployed in more than 800 cities and integrated with top-tier manufacturers of streetlights, transformers, and public safety solutions. Ubicquia is headquartered in Florida. Discover more at www.ubicquia.com.

Position Summary:

The Cyber Engineer/Penetration Tester will be part of Ubicquia’s cybersecurity team responsible for maintaining Ubiquia’s security controls, supporting audits and certifications program to ensure meeting the requirements for various frameworks like CMMC, ISO 27001, PCI-DSS, and SOC2 Type 2, NIST CSF, and NIST 800-171. The individual will be responsible for identifying and exploiting vulnerabilities in IoT devices, networks, and applications and work closely with the relevant teams to improve the overall security posture of our products in addition to providing day-day Security Operations support.

Job Responsibilities:

• Support security operations processes and tools for managing cybersecurity: Vulnerability Management, End Point Protection, Security Logging and Monitoring, Incident Response, and Security Compliance.
• Conduct testing activities as per the agreed scope and timeline, avoid disruption to business operations, and adhere to industry-standard methodologies (e.g., OWASP, NIST, PTES).
• Prepare and deliver technical reports on detailed findings and vulnerability remediation to technical and non-technical stakeholders.
• Effectively communicating findings and strategy to stakeholders, including technical staff and executive leadership.
• Scoping penetration testing assessments and leading third party engagements from kickoff through remediation.
• Plan and execute penetration tests on various systems, applications, and networks, including Web Applications, API, Mobile Applications, IoT Devices, and public Cloud Infrastructure utilizing a variety of penetration testing tools and techniques to identify vulnerabilities.
• Analyze identified vulnerabilities to determine their potential impact and exploitability.
• Research and stay informed about emerging threats and vulnerabilities.

Required Qualifications:

• Bachelor's degree (Computer Science, Information Systems, or related discipline).
• 5 years in a cybersecurity related role with at least 3 years penetration testing experience.
• Knowledge of automation methods/solutions (eg. Scripting).
• Understanding of Pen Test methods such as Open-Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), Penetration Testing Execution Standard (PTES), NIST, etc.
• Experience with common penetration testing tools (Metasploit, Burp Suite, Cobalt Strike, Empire, KALI Linux etc.)
• Knowledge of MITRE s ATT&CK framework
• Knowledge of infrastructure technologies (servers, virtualization, networking, end user computing, etc).
• Experience with CSP infrastructure, such as that on Amazon Web Services (AWS), Google Cloud Platform (GCP), or Microsoft Azure Cloud
• Familiarity with security frameworks (CMMC, ISO 27001, PCI-DSS, and SOC2 Type 2, NIST CSF, and NIST 800-171).
• Proficient with the command line interface of multiple operating systems – Windows, macOS, Linux, etc.
• Self-motivated, quick learner delivers timely results, and team oriented.
• Relevant certifications such as Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), GIAC Penetration Tester (GPEN) or a similar certification.

Preferred Qualifications:

• Familiarity with common IoT testing techniques, including interacting with low-level communications (UART, JTAG), firmware extraction and analysis, and operating system testing techniques
• Technical background with hands-on experience in the conduct of security reviews and assessments of IOT/OT/ICS security and cybersecurity risk landscapes
• Experience in conducting and/or leading IOT/OT/ICS cybersecurity assessments (risk, vulnerability) and creating a detailed mitigation plan and recommendations to address gaps identified.
• Experience with selecting, designing, architecting, and deploying security technologies to an IOT/OT/ICS environment. Demonstrated understanding of IOT/OT/ICS infrastructure, including an understanding of threats, vulnerabilities, attack paths, and exploits.

What We Offer:

• Competitive salary and benefits package
• Fully covered medical, dental and vision insurance employee premiums
• Equity Plan
• Unlimited PTO
• Rich Total Rewards BENEFITS package
• Life Insurance, LTD STD
• Supplementary Insurance
• Flexible Spending Account (FSA) and Dependent Care Account (DCA)
• 401(k) Retirement Plan
• Other excellent benefits!
• Opportunities for professional growth and development
• Collaborative and supportive work environment
• The chance to work on exciting and challenging projects

If you are a dedicated Cyber Security Engineer/Penetration Tester looking to make a significant impact, we encourage you to apply!

Ubicquia is an Equal Employment employer committed to the principles of equal employment opportunity and affirmative action for all applicants and employees. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status or any other basis protected by federal, state or local law, ordinance or regulation. Ubicquia also makes reasonable accommodations for disabled employees consistent with applicable law.

No external recruiters will be considered.