Penetration Tester II

Job Description

Essential Functions

Works as an individual contributor for smaller efforts and as part of a team for larger efforts.
Conduct internal and external network penetration tests.
Conduct internal and external graphical user interface web application penetration tests.
Conduct internal and external web services application penetration tests.
Conduct wireless network penetration tests.
Responsible for writing and reviewing formal penetration test reports documenting the details of a penetration test and all vulnerabilities, potential issues, and strengths found during the test.
Responsible for submitting tickets for remediation of vulnerabilities and potential issues found during penetration tests.
Work with Security Architects and Security Engineers to gather information and conduct penetration tests.
Review and process static source code vulnerability analysis reports for Early Warning developed applications as directed.
Evaluate commercial and open source tools to be used for the purposes of penetration testing.
Maintain demonstrable knowledge of current vulnerability exploitation techniques.
Strong understanding of TCP/IP.
Mentor junior Penetration Testers as needed.
Complies with all security policies and procedures, to ensure that the highest level of system and data confidentiality, integrity and availability is maintained

Skills & Responsibilities

Required Experience

Minimum Qualifications

Education or experience equivalent to a Bachelor’s degree in Computer Science, Computer Information Systems, Information Security, Engineering, Math or Physical Science, or related field.
Strong understanding of offensive and defensive security, including offensive evasion and defensive detection techniques.
4 years of general security penetration test experience.
4 years of general IT or information security experience.
Working knowledge of communication network technologies.
Working understanding of Active Directory, Exchange, and SharePoint.
Advanced working understanding of penetration test and security assessment procedures.
Advanced working understanding of information gathering techniques and processes.
Advanced working understanding of web application technologies such as programming languages (AJAX, PHP, Perl, SOAP-based web services, Java, Javascript, C# and/or .Net, ASP), web servers, application servers, web services, web browse technologies, common vulnerabilities, security best practices, automated testing tools, manual testing tools,
Perl, Python, shell, VB or other scripting language skills required.
Advanced working knowledge of relational databases.
Comfortable using, configuring, troubleshooting, and administering Unix, Linux, Mac OSX, and Windows operating systems.
Experience using the Backtrack/Kali Linux suite of penetration test tools.
Have a broad advanced understanding of various commercial, open source, and freeware penetration test tools.
Proficient using proxies for web application penetration tests.
Proficient using fuzzing techniques for all types of penetration tests.
Expert knowledge of Open Web Application Security Project (OWASP) Top 10 Vulnerabilities and testing procedures.
Ability to work independently and within a team environment.
Effective interpersonal skills.
Must demonstrate advanced stages of Pwniephobia – The fear of one’s computer or mobile device being compromised by crafty attackers either through loss of control or ninja like social engineering. A fear commonly brought on by the embarrassment of a previous compromise. Usually in the presence of co-workers, peers, or persons whom impressions of poor information security practices are heavily weighed.
Ability to present to peers, coworkers, and customers.
Experience in analyzing risk associated with security vulnerabilities required.
Strong writing skills.
Approved background and drug screen is required