18 May
Sr. Penetration Testing Engineer
Vacancy expired!
We are unable to sponsor for this permanent full-time rolePrestigious Fortune 500 Company is currently seeking a Senior Pen-Testing Engineer. Candidate will perform penetration testing for the infrastructure and in-house developed applications to discover security vulnerabilities and weaknesses and provide remediation recommendations. The team is looking for an experienced tester with a willingness to share knowledge and work with the team to enhance the security posture applications and systems.
Responsibilities:- Perform white and black box testing of in-house applications and systems with a variety of commercial and opensource tools
- Devise creative and custom exploits, solutions, and techniques to discover vulnerabilities and exploitability of the targets
- Knowledge-share with team on techniques and results to continuously improve the service offering
- Create detailed report of findings and recommendations after testing is complete and present to stakeholders
- Stay up-to-date in current tools, techniques, and vulnerabilities to incorporate into testing practices
- Mentor junior members of the team in techniques and best practices in ethical hacking and vulnerability analysis
- 5+ years experience with penetration testing
- Demonstrable knowledge and experience of:
- Cmmon attack techniques for web, mobile and services.
- Cmmon application testing tools including, but not limited to Burp, SQL Map etc
- OWASP Tp 10 iPhone and Android application pen testing – specifically relating to reverse engineering and instrumentation toolsets
- Pen testing in Agile and/r Extreme development environments
- Ability to write scripts/tools to assist in testing
- Experience testing/analyzing applications and networks
- Understanding of encryption technologies
- Understanding of common network protocols
- Working knowledge with various operating systems
- Ability to relay detailed technical concepts to a broad range of audiences, via written reports and presentations
- Passion for continuous learning, growth, and tinkering
- CISSP, GPEN, GWAPT, OSCP, and/or other industry certification is desired but not required
Vacancy expired!