Penetration Tester, Lead

Key Role:

Apply expertise in all aspects of malware reverse engineering, offensive thinking or planning, intelligence analysis, penetration testing, tool or exploit development, social engineering, networking, operating systems, and technical architectures. Leverage expertise in verbal and written communication skills when conducting customer-facing and teaming work on an everyday basis. Plan and analyze attacks on internally or externally hosted applications and infrastructure on a global scale with an emphasis on critical functions targeted by adversaries. Design and develop scripts, frameworks, tools, and the methods required for facilitating and executing complex attacks and emulating adversarial Tactics, Techniques, and Procedures (TTPs). Interpret the impact on the business area's operations, systems, and processes with key fringe stakeholders. Ensure effective knowledge management of findings and review results of any attack campaign to determine the severity of findings and identify potential remediation or mitigation strategies.

Basic Qualifications:

-10+ years of experience with two or more of the following: network vulnerability assessments, Web application security testing, network penetration testing, red teaming, or security operations

-Experience with using, administering, and troubleshooting two or more major platforms of Linux, including Ubuntu and Red Hat

-Experience with Windows environments and Active Directory concepts

-Experience with programming using one or more of the following: Perl, Python, ruby, bash, C or C++, C#, or Java, including scripting or editing existing code

-Experience with tools, including Qualys, Nessus, WebInspect, AppDetective, Hailstorm, Metasploit, Burp Suite Pro, Aircrack-ng, or Kismet

-Knowledge of applications, database, and Web server design and implementation

-Knowledge of open security testing standards and projects, including OWASP

-BA or BS degree

Additional Qualifications:

-Experience in coordinating, working with and gaining the trust of business stakeholders, technical resources, and third-party vendors

-Experience with leading meetings, dividing responsibilities, and influencing people to take action to assist in the resolution of security incidents

-Experience with conducting in-depth research of the latest adversarial TTPs and technologies to remain at the bleeding edge

-Experience with identifying and mitigating security vulnerabilities in operating systems and web applications

-Knowledge of TCP/IP fundamentals, network protocols, system administration, and network architectures

-Ability to mentor and train junior staff in attack techniques, tool or exploit development, intelligence analysis, and adversarial tactics

-Ability to communicate effectively with representatives of the Lines of Business, technology specialists, and vendors

-Ability to travel to support security testing work, as needed

-OSCP,  OSCE, or OSWE or SANS Certification

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.

Not ready to apply? Join our talent community and sign up for job alerts.