Experienced Penetration Testers - 8859623

Houston, TX
The senior security engineer is a fully qualified individual contributor with expert knowledge of information security services/analysis concepts, penetration techniques, methodologies, and procedures. The engineer will be expected to work on the most complex assignments and perform a comprehensive range of information security services operations activities.
 
Responsibilities
 
  • Find security vulnerabilities in target systems, networks, and applications in order to help enterprises improve their security by identifying which flaws can be exploited to cause business risk.
  • Conduct network and application penetration testing for exploitation opportunities.
  • Conduct vulnerability research and analysis.
  • Exploit common vulnerabilities and misconfigurations associated with common operating systems (Windows, Linux, etc.), protocols (HTTP, FTP, etc.), and network security services (PKI, HTTPS, etc.) for gaining access to systems.
  • Identify tactics, techniques, and procedures (TTPs) for intrusion sets and emulation of cyber adversaries.
  • Develop, refine and utilize tools, techniques and procedures to conduct red team exercises.
  • Use commercial and open source network cyber assessment tools (e.g. Core, Qualys, Nmap, Metasploit, Nessus, AppSpider).
  • Use advanced software applications for network monitoring, forensics, and malware and vulnerability analysis.
  • Provide crucial insights into the most pressing issues and suggest how to prioritize security resources.
  • Identify security metrics delivery and improvements.
  • Create recommendations of threat mitigations.
  • Produce high quality testing reports.
 
Requirements
 
  • Minimum six years’ information security technical experience
  • Minimum Certified Ethical Hacker (CEH) certification
  • Experience creating test plans for cybersecurity penetration testing during developmental testing (DT) and operational testing (OT) and executing DT and OT plans to discover in-depth vulnerabilities and usable exploitations in a system and/or organization
  • Experience in conducting vulnerability/compliance assessments
  • Experience in web application penetration testing activities, including discovery, vulnerability testing and exploitation
  • A solid understanding of web servers, middleware, database server components 
  • Experience developing web applications a plus
  • Working knowledge of tools such as AppScan, WebInspect, Arachni, w3af, Burp, fuzzers, etc. 
  • Familiarity with OWASP testing guidelines 
  • Understanding of Secure Development Life Cycle (SDLC)
  • Ability to perform manual testing, SQL injection, and parameter manipulation
  • Possess an understanding of Microsoft Office and various Microsoft/UNIX/Linux systems
  • Understand and be well versed in common cyber threat terminology, vulnerability and penetration test principles and methodologies, possess basic knowledge of cyber incident and response, and related current events

Education/Certifications
 
Preferred Qualifications 

 
  • Six or more years of professional experience
  • Social engineering experience is a plus
  • Possess a number of technical certifications from the following list:
    • Offensive Security Certified Professional (OSCP)
    • Web Application Penetration Engineer (WAPT)
    • GIAC Web Application Penetration Engineer (GWAPT)
    • GIAC Penetration Engineer (GPEN)
    • (ISC)² Certified Information Systems Security Professional (CISSP)
    • Cisco Certified Network Associate (CCNA)
 
References required
 