Penetration Tester III

Overall Purpose:
This position within the Security Technology team is one who will be responsible for leading efforts to find and document security vulnerabilities through approved penetration testing efforts for the purpose of securing Early Warning systems, infrastructure, networks, and applications.

Essential Functions:

• Train and support junior penetration testing staff
• Leads internal and external security assessments and penetration tests, including mobile, web applications, web services, wireless and network penetration tests.
• Leads penetration tests against systems of extreme complexity, writes reports documenting report findings including all vulnerabilities, potential issues, and strengths found during the test.
• Responsible for writing and reviewing formal penetration test reports documenting the details of a penetration test and all vulnerabilities, potential issues, and strengths found during the test.
• Owns remediation of vulnerabilities and potential issues found during penetration tests.
• Performs expert assessments and works with Security Architects and Security Engineers to identify complex vulnerabilities and own remediation.
• Performs static source code vulnerability analysis reports for Early Warning developed applications as directed.
• Drives discovery of new vulnerability exploitation techniques, and leads training for team members.
• Performs expert threat modeling to identify all possible attack vectors
• Support the company’s commitment to protect the integrity and confidentiality of systems and data.

Required Skills

Required Experience

Minimum Qualifications:
Successful completion of education or experience equivalent to a Bachelor’s degree in Computer Science, Computer Information Systems, Information Security, Engineering, Math or Physical Science, or related field.

Efficiently owns, performs and delivers security assessment reports and penetration tests, and oversees the remediation of all findings and recommendations

Expert level understanding of offensive and defensive security, including offensive evasion and defensive detection techniques.

Minimum of 4 years of general security penetration test experience and at least 3 years of general IT or information security experience.

Expert knowledge of TCP/IP, networking, web applications, databases, mobile, and cloud applications

Expert knowledge of penetration test and assessment procedures, as well as expert knowledge of remediation best practices

Proficiency with common scripting language(s) such as Python, Ruby, Bash, or Perl

Expert using, configuring, troubleshooting, and administering Kali Linux, Mac OSX, and Windows OS

Expert knowledge of the Kali Linux suite of penetration test tools.

Develops new and custom techniques for various types of security assessments and penetration tests

Expert knowledge of Open Web Application Security Project (OWASP) Top 10 Vulnerabilities. testing procedures, and remediation recommendations

Certified Ethical Hacker (CEH) Certification, Certified Penetration Tester (CPT) Certification

CISSP Certification

OSCP, eCRE, eNDP eWDP or eWAPT Certification or equivalent

Delivery of talks or research to regional national Conferences or background in developing and delivering professional security training

Contribution of intellectual property to your current or previous employer to support the automation and repeatability of the penetration testing practice

Proven ethical disclosure of zero day vulnerabilities either as a bug bounty hunter or as internal pentester.

Proven ability to research recommend and document repeatable defense solutions

Background and drug screen

Preferred Qualifications:

• Application Development background
• Social Engineering experience
• Additional related education and/or experience preferred

Physical Requirements:
Working conditions consist of a normal office environment. Work is primarily sedentary and requires extensive use of a computer and involves sitting for periods of approximately four hours. Work may require occasional standing, walking, kneeling, and reaching. Must be able to lift 10 pounds occasionally and/or negligible amount of force frequently. Requires visual acuity and dexterity to view, prepare, and manipulate documents and office equipment including personal computers. Requires the ability to communicate with internal and/or external customers.

Employee must be able to perform essential functions and physical requirements of position with or without reasonable accommodation.

Candidates responding to this posting must independently possess the eligibility to work in the United States at the date of hire.

The above job description is not intended to be an all-inclusive list of duties and standards of the position. Incumbents will follow instructions and perform other related duties as assigned by their supervisor.

Early Warning Services is an equal opportunity employer.