Penetration Tester II
Job Description
Essential Functions
- Works as an individual contributor for smaller efforts and as part of a team for larger efforts.
- Conduct internal and external network penetration tests.
- Conduct internal and external graphical user interface web application penetration tests.
- Conduct internal and external web services application penetration tests.
- Conduct wireless network penetration tests.
- Responsible for writing and reviewing formal penetration test reports documenting the details of a penetration test and all vulnerabilities, potential issues, and strengths found during the test.
- Responsible for submitting tickets for remediation of vulnerabilities and potential issues found during penetration tests.
- Work with Security Architects and Security Engineers to gather information and conduct penetration tests.
- Review and process static source code vulnerability analysis reports for Early Warning developed applications as directed.
- Evaluate commercial and open source tools to be used for the purposes of penetration testing.
- Maintain demonstrable knowledge of current vulnerability exploitation techniques.
- Strong understanding of TCP/IP.
- Mentor junior Penetration Testers as needed.
- Complies with all security policies and procedures, to ensure that the highest level of system and data confidentiality, integrity and availability is maintained
Skills & Responsibilities
Required Experience
Minimum Qualifications
- Education or experience equivalent to a Bachelor’s degree in Computer Science, Computer Information Systems, Information Security, Engineering, Math or Physical Science, or related field.
- Strong understanding of offensive and defensive security, including offensive evasion and defensive detection techniques.
- 4 years of general security penetration test experience.
- 4 years of general IT or information security experience.
- Working knowledge of communication network technologies.
- Working understanding of Active Directory, Exchange, and SharePoint.
- Advanced working understanding of penetration test and security assessment procedures.
- Advanced working understanding of information gathering techniques and processes.
- Advanced working understanding of web application technologies such as programming languages (AJAX, PHP, Perl, SOAP-based web services, Java, Javascript, C# and/or .Net, ASP), web servers, application servers, web services, web browse technologies, common vulnerabilities, security best practices, automated testing tools, manual testing tools,
- Perl, Python, shell, VB or other scripting language skills required.
- Advanced working knowledge of relational databases.
- Comfortable using, configuring, troubleshooting, and administering Unix, Linux, Mac OSX, and Windows operating systems.
- Experience using the Backtrack/Kali Linux suite of penetration test tools.
- Have a broad advanced understanding of various commercial, open source, and freeware penetration test tools.
- Proficient using proxies for web application penetration tests.
- Proficient using fuzzing techniques for all types of penetration tests.
- Expert knowledge of Open Web Application Security Project (OWASP) Top 10 Vulnerabilities and testing procedures.
- Ability to work independently and within a team environment.
- Effective interpersonal skills.
- Must demonstrate advanced stages of Pwniephobia – The fear of one’s computer or mobile device being compromised by crafty attackers either through loss of control or ninja like social engineering. A fear commonly brought on by the embarrassment of a previous compromise. Usually in the presence of co-workers, peers, or persons whom impressions of poor information security practices are heavily weighed.
- Ability to present to peers, coworkers, and customers.
- Experience in analyzing risk associated with security vulnerabilities required.
- Strong writing skills.
- Approved background and drug screen is required
Preferred Qualifications
- Application Development background
- Social Engineering experience
- Certified Ethical Hacker (CEH) or equivalent certification
- Certified Penetration Tester (CPT) or equivalent certification
- Additional related education and/or experience preferred
Salary Details
Salary and Benefits information will be discussed during the interview process.
There are many great benefits to working at Early Warning; check out our great culture page.
Location Details
Scottsdale, AZ 85260