Senior Penetration Tester

Summary
Description
Summary of This Role
Conducts planned and authorized real world attack scenarios against corporate assets, networks and applications utilizing common hacking methodologies and tools. Leveraging industry standard methodologies, evaluates corporate security posture through various technical, manual and automated methods to accomplish various designated goals such as the review and evaluation of software or network architecture and design (consulting), the coordinated validation of defensive controls (purple team), attempted exploit, pivot and exfiltration of data (red team) and manual review / validation of the existence of vulnerabilities on systems (penetration testing). This is a highly technical and specialized position within security that requires a wide array of experience, knowledge and discipline in all aspects of IT (development, operations and security).

What Part Will You Play?

• Creates, coordinates and plans engagements with internal customers with medium oversight from senior team members. Has plans validated and approved by an assigned senior team member and executes according to plan with limited oversight. Ability to identify and exploit more complex scenarios as well as employing stealth and evasion techniques. Be able to accurately answer questions about compliance, regulatory and policy standards.
• Independently gather requirements in order to create appropriate engagement documentation and schedules. Can begin to document engagement plans for how an engagement is executed by other team members (under guidance of senior member of the team). Gathers and proposes final report findings with preliminary analysis and severity assignments.
• Perform complex analysis on intelligence data to determine preliminary risks and targets as well as identify risk and findings. Independently set up and lead meetings with internal customers to coordinate the execution of engagements. Ability to communicate complex ideas to various degrees of technical resources. Ability to professionally communicate both verbally and in written form. Ability to evaluate proposed remediation actions and recommend alternate actions under moderate supervision.
• Understand more complex architecture and design concepts of applications, hardware and networks and how they impact the security posture of the enterprise. Apply corporate and security ethics in every aspect of day to day activities.

What Are We Looking For in This Role?
Minimum Qualifications

• Bachelor's Degree
• Relevant Experience or Degree in: with a concentration in security, networking or development / computer science
• Typically Minimum 4 Years Relevant Exp
• Ethical Hacking/Penetration Testing, software development, cyber forensics or threat hunting. Additional 4 years related experience may be considered in lieu of a degree.
• Certified Ethical Hacker (CEH) or GIAC Penetration Tester (GPEN) or equivalent certification

Preferred Qualifications

• Typically Minimum 6 Years Relevant Exp
• Ethical Hacking/Penetration Testing, software development, cyber forensics or threat hunting.
• one or more of the following: CISSP, CEH, GPEN, GXPN, GWAPT, OSCP

What Are Our Desired Skills and Capabilities?

• Skills / Knowledge - A seasoned, experienced professional with a full understanding of area of specialization; resolves a wide range of issues in creative ways. This job is the fully qualified, career-oriented, journey-level position.
• Job Complexity - Works on problems of diverse scope where analysis of data requires evaluation of identifiable factors. Demonstrates good judgment in selecting methods and techniques for obtaining solutions. Networks with senior internal and external personnel in own area of expertise.
• Supervision - Normally receives little instruction on day-to-day work, general instructions on new assignments.
• Experience with vulnerability exploit techniques and tools. - Ability to setup, configure and utilize ethical hacking tools and exploits. Ability to develop exploits and demonstrate impacts to others
• Proficient in research and analysis of security intelligence data, system/application/network configurations and logs - Ability to understand and execute complex analysis of intelligence data as well as systems/application/network configurations and logs to determine preliminary threats, targets and evaluate risk appropriately. Ability to apply controls to safely traverse the dark web for research purposes.
• Experience with activities involving APT Threats - Ability to describe various tools, techniques, and procedures (TTPs) associated with threat actors known to operate in the financial services domain.