02 May
PenTester
Georgia, Peachtreecorners , 30092 Peachtreecorners USA

Vacancy expired!

Calling all Atlanta Penetration Testers! We have a direct hire, fully remote Pen Tester opportunity with a large client of ours in Atlanta. The job description is below, if interested please email your resume to Job Description ROLE AND RESPONSIBILITIES The Security Pen Tester is primarily responsible for leading efforts to assess risk through automated and manual testing and to identify potential weaknesses in applications and systems. A penetration tester is a very hands-on representative of the information security team. This role is highly technical, and candidates must possess a solid understanding of information security, preferably with a strong computer science background. Pen testers must understand applications, networking and various operating systems, along with various tools and frameworks. Penetration testers must constantly search for system and application weaknesses to exploit, but they are also expected to maintain a level of professionalism at all times. The position must collaborate with others on the team for remediation and additional validation, as well as contribute to other collaborative approaches driven by the security team strategy, such as purple teaming, to enhance skillsets for both red and blue team members. While some automated tools will be leveraged, the penetration tester must posess hands-on expertise with a variety tools to simulate attacker tactics, techniques and procedures (TTPs). In addition to stealthy engagements, however, penetration testers must also participate in visible and announced assessments for new and existing services, infrastructure and applications to help the team identify weaknesses before an attacker does. Main responsibilities: • Document and formally report testing initiatives, along with remediation recommendations and validation. • Conduct tactical assessments that require expertise in social engineering, application security (web and mobile), physical methods, lateral movement, threat analysis, internal and external network architecture and a wide array of commercial and bring-your-own (BYO) products. • Develop and maintain tools and scripts used in penetration testing. • Support purple team exercises designed to build strength across disparate teams. • Train offensive and defensive colleagues on new TTPs and mentor junior teammates. • Work closely with the security operations center (SOC) to leverage intelligence sources, identify new threats in the wild and verify the organization's security posture against them. • Regularly research and learn new TTPs in public and closed forums, and work with teammates to assess risk and implement and validate controls as necessary. • Arrange and provide support to business units launching new technology applications and services to verify that new products/offerings are not at risk of compromise or information leakage. • Occasionally attend and participate in change management policy discussions and meetings. • When necessary, assist in threat and incident response (IR) tabletop exercises as well as postmortem drills with a focus on measurable improvements and benchmarking to show progress (or deficiencies requiring additional attention). • Liaise with the security engineering team to improve tool usage and workflow, as well as with the advanced threats and assessment team to mature monitoring and response capabilities. • Collaborate and partner with external pen test vendors. • Perform other duties as assigned.QUALIFICATIONS AND EDUCATION REQUIREMENTS Bachelor's degree in computer science, information assurance, or related technical field or equivalent. At least 7 years' experience in information security administration, offensive tactics, monitoring and IR. At least 3 years' dedicated experience conducting penetration testing/red team engagements as a consultant or previous role in a professional organization. Proficient in scripting languages such as Python, PowerShell, Bash and Ruby. Competent with testing frameworks and tools such as Burp Suite, Metasploit, Cobalt Strike, Kali Linux, Nessus, PowerShell Empire and AutoSploit. Strong operating system knowledge across nix, and Windows; proficient with networking protocols. Ability to obtain and maintain persistence within corporate systems, while avoiding detection. Familiarity with defensive and monitoring technologies such intrusion prevention/detection systems (IPS/IDS), security information and event management systems (SIEMs), firewalls, endpoint protection (EPP) and endpoint detection/response (EDR) tools, as well as user and entity behavior analytics (UEBA). Understanding of OWASP, the MITRE ATT&CK framework and the software development lifecycle (SDLC). PREFERRED SKILLS Current certifications such as OSCP, OSCE, CEH, GPEN, GWAPT, CREST, CISSP or other relevant certification. Self-starter requiring minimal supervision. Highly organized and efficient. Excellence in communicating business risk and remediation requirements from assessments. Analytical and problem-solving mindset. Demonstrates strategic and tactical thinking, along with decision-making skills and business acumen. ADDITIONAL NOTES Ideal candidates will be a self-starter, can manage multiple projects/initiatives at once, with experience in multiple information security management and monitoring tools. Work in fast paced, global, and highly technical environment. EEO EmployerApex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at or

Vacancy expired!


Report job