Sr. Penetration Tester

Penetration Tester Job Description

We are looking for a highly motivated Sr. Penetration Testing Consultant/Contractor. The penetration tester focus will be to prioritize and conduct assessments, document findings and recommendations, and present deliverable reports to clients. The Sr. Penetration Testing Consultant will work with all types of technologies across a myriad of clients and industries to assess; web/mobile applications, enterprise networks, data centers, cloud environments, social engineering, and OSINT.

Key Responsibilities

• Apply state-of-the-art methodologies, tooling, and skills to demonstrate real vulnerabilities, and help internal teams improve security posture and technical controls to mitigate the issues. We're looking for a passionate individual who goes beyond finding vulnerabilities identified by vulnerability scanners/tools
• As an Offensive Security Expert, you will conduct ongoing research into the latest attack TTPs, collaborate with teams for vulnerability remediation, and discover dangerous flaws and major security vulnerabilities for our products and infrastructure before they're found by attackers

• Expertise and experience in web application and/or network penetration testing
• Vulnerability assessments including manual testing to further evaluate the security of applications
• Knowledge of exploit development, execute and chain TTPs, vulnerability research/reporting
• Understanding security fundamentals and common vulnerabilities (e.g., OWASP Top Ten and SANS Top 25) in addition to the more modern web app and enterprise app vulnerabilities
• Produce and present client deliverable reports including key observations, detailed findings, evidence (screenshots, etc.), and recommendations for remediation

Technical Skills

• Application-focused offensive security experience in supporting a variety of technologies
• Understanding of cryptographic concepts and applied cryptography (SSL, AES, etc.)
• Additional experience in IT, security engineering, system and network security, authentication, and security protocols
• Scripting/programming skills (Python, Java, JavaScript, etc.) preferred
• Experience with AWS and/or GCP cloud environments preferred, understanding its major technologies such as IAM, EC2, VPC, EBS, S3, and Lambdas
• Network and web-related protocol knowledge (e.g., TCP/IP, UP, IPSEC, HTTP, HTTPS, routing protocols)
• Familiarity with security tools & frameworks like Burpsuite, Metasploit, Kali, Canvas, etc.
• Strong communication skills (i.e., written and verbal)
• OSCP/E, OSWP, CEH, PenTest+, Licensed Pen Tester, GWAPT, GPEN, or GXPN certifications are helpful, but not required
• Advanced relevant academic training is a definite bonus but not required, i.e., Bachelor in Computer Science
• Candidate needs to be passionate about offensive security and has an unstoppable drive to innovate.
• Red Team Experience as an operator

Experience

• OSINT, Network, and Web Application Penetration Testing: 4+ years (Required)
• Cloud Pen Testing: 2-3 years (Preferred)
• Attack Simulation: 2-3 years (Preferred)
• C2 Infrastructure Creation: 2-3 years (Preferred)
• C2 & TTP Development: 2-3 years (Preferred)
• MITRE ATT&CK: 1-2 years (Preferred)