Job Description :
Title: Senior Penetration Tester
Location: Beaverton, OR
Duration: 6-7 months
Job Description
The Sr. Penetration Tester is part of the Attack Surface Management (ASM) organization and participates in the attack surface reduction of global computing assets. The Sr. Penetration Tester is responsible for security testing of client technology, coordination with stakeholders regarding their findings and completion of day to day tasks associated with penetration test program.
Job Responsibilities
- Conduct initial penetration test scoping/kick off meetings with business stakeholders.
- Lead network, web application, mobile and web service penetration testing within the designated scope and rules of engagement.
- Lead regular meetings with business stakeholders to ensure remediation efforts adhere to corporate standards and policies.
- Provides analysis of remediation actions taken, opportunities for improvement and blockers.
- Provide mentoring and training to junior members of penetration testing team.
- Perform required audit related tasks from internal audit, SOX and PCI activities.
- Interface with other CIS organizations such as Governance, Risk and Threat Intelligence to report on program status and coordinate risk tracking.
- Maintain and compose operational process documentation regarding program execution.
Qualifications
- Bachelor''s degree in Computer Science, Information Technology, Cyber Security, or related discipline or equivalent experience.
- 5+ years of IT professional experience
- 2+ years Information Security experience
- Understanding of a variety of technical concepts such as: Networking, systems administration, application development, and information security practices
- Experience with data analytics with the ability to provide qualitative analysis and recommendations.
- Strong verbal and written communication skills.
- Strong organizational and/or project management skills.
- Ability to develop strong working relationships with a variety of other enabling teams.
- Strong attention to detail, data accuracy, and data analysis.
- Self-motivated and operates with a high sense of urgency and a high level of integrity.
Strongly Preferred
- Certifications such as GIAC Penetration Testing (GPEN) or GIAC Web Application Penetration Testing (GWAPT) are strongly preferred.
- Previous experience working in large scale environments with diverse technologies.
- Experience and knowledge of performing security tasks within AWS or Azure cloud environments
- Ability to automate technical tasks through use of API or scripting
Demonstrated technical experience with:
- Technical administration of Vulnerability or Secure Code solutions such as Metasploit, Burp, ADB, Rapid7 Nexpose, Qualys, WhiteHat, HP Fortify, Veracode, AppSpider
- Windows Servers, Desktops, Laptops
- UNIX Servers (Solaris, Red Hat Enterprise)
- Network Switching and Routing (Cisco, Juniper)
- Familiarity of TCP/IP and associated protocols.
Skills:
Required
Penetration Testing
API
Application Development
Data Analysis
Metasploit
Additional
AWS
Information Security
Networking
Nexpose
Project Management
Qualitative Analysis
Qualys
Scripting
Security
Security Practices
Solutions
Systems Administration
Testing
Audit
Cisco
Cyber Security
Data Analytics
Documentation
GIAC
Governance
Internal Audit
Juniper
Marketing Analysis
PCI
Process Documentation
Quantitative
Red Hat
Remediation
Sarbanes-Oxley (SOX)
Solaris
TCP