Job Description
Company: Cardinal Integrated
Location: Parsippany-Troy Hills, US
Penetration Tester
Depending on the level the candidate is at than we could specify the title:
• Penetration Tester / (Consultant or Senior Consultant – Internally)
• Penetration, Risk & Vulnerability Specialist: (Lead Consultant – Internally)
Responsibilities:
• Perform formal hands-on penetration tests and vulnerability assessment of complex applications, operating systems, wired and wireless networks, and mobile applications/devices
• Design, create and maintain new penetration tools and security testing plans
• Develop scripts and programs for automated penetration and other security testing on networks, systems, and applications
• Draft project proposals that communicate to the client the details and scope of the project.
• Probe for vulnerabilities in web applications, fat/thin client applications, and standard applications
• Pinpoint methods that attackers could use to exploit weaknesses and logic flaws
• Utilize understanding of attack signatures, tactics, techniques and procedures associated with advanced threats
• Employ social engineering to uncover security holes (e.g. poor user security practices or password policies)
• Incorporate business considerations (e.g. loss of earnings due to downtime, cost of engagement, etc.) into security strategies
• Research, document, discuss and write security findings with management and IT teams and produce actionable, threat-based, reports on security testing results
• Develop meaningful metrics to reflect the true posture of the environment allowing the organization to make educated decisions based on risk
• Review and define requirements for information security solutions
• Communicate security issues to a wide variety of internal and external “customers” to include technical teams, executives, risk groups, vendors and regulators
• Foster and maintain relationships with key stakeholders and business partners
• Provide feedback and verification as an organization fixes security issues
• Act as a source of direction, training, and guidance for less experienced staff
Qualifications:
• Previous working experience as a Penetration Tester for 3 years
• BA in Computer Information Systems, Management Information Systems or similar relevant field
• Ethical Hacker Certification Preferred
• In-depth knowledge of application development processes and at least one programming or scripting language (e.g., Java, Scala, C#, Ruby, Perl, Python, PowerShell)
• Hands-on experience with testing frameworks such as the PTES and OWASP
• Applicable knowledge of Windows client/server, Unix/Linux systems, Mac OS X, VMware/Xen, and cloud technologies such as AWS, Azure, or Google Cloud
• Critical thinker and problem solver
• Excellent organizational and time management skills
• Excellent communication and report writing skills
• Must be self-starter, eager to take the initiative
• Have an understanding of, and experience in, evaluating nation-state, hacktivists, and cybercriminal capabilities and activity.
Source: Jobilize