View all jobs

Experienced Penetration Testers Atlanta (remote) -8865638

Atlanta, GA
The senior security engineer is a fully qualified individual contributor with expert knowledge of information security services/analysis concepts, penetration techniques, methodologies, and procedures. The engineer will be expected to work on the most complex assignments and perform a comprehensive range of information security services operations activities.
  • Find security vulnerabilities in target systems, networks, and applications in order to help enterprises improve their security by identifying which flaws can be exploited to cause business risk.
  • Conduct network and application penetration testing for exploitation opportunities.
  • Conduct vulnerability research and analysis.
  • Exploit common vulnerabilities and misconfigurations associated with common operating systems (Windows, Linux, etc.), protocols (HTTP, FTP, etc.), and network security services (PKI, HTTPS, etc.) for gaining access to systems.
  • Identify tactics, techniques, and procedures (TTPs) for intrusion sets and emulation of cyber adversaries.
  • Develop, refine and utilize tools, techniques and procedures to conduct red team exercises.
  • Use commercial and open source network cyber assessment tools (e.g. Core, Qualys, Nmap, Metasploit, Nessus, AppSpider).
  • Use advanced software applications for network monitoring, and forensics, malware and vulnerability analysis.
  • Provide crucial insights into the most pressing issues and suggest how to prioritize security resources.
  • Identify security metrics delivery and improvements.
  • Create recommendations of threat mitigations.
  • Produce high quality testing reports.
  • Minimum six years’ information security technical experience
  • Minimum Certified Ethical Hacker (CEH) certification
  • Experience creating test plans for cybersecurity penetration testing during developmental testing (DT) and operational testing (OT) and executing DT and OT plans to discover in-depth vulnerabilities and usable exploitations in a system and/or organization
  • Experience in conducting vulnerability/compliance assessments
  • Experience in web application penetration testing activities which include: discovery, vulnerability testing and exploitation 
  • A solid understanding of web servers, middleware, database server components 
  • Experience developing web applications a plus
  • Working knowledge of tools such as AppScan, WebInspect, Arachni, w3af, Burp, fuzzers, etc. 
  • Familiarity with OWASP testing guidelines 
  • Understanding of Secure Development Life Cycle (SDLC)
  • Ability to perform manual testing, SQL injection, and parameter manipulation
  • Possess understanding of Microsoft Office and various Microsoft/UNIX/LINUX systems
  • Understand and be well versed in common cyber threat terminology, vulnerability and penetration test principles and methodologies, possess basic knowledge of cyber incident and response, and related current events

Preferred Qualifications 

  • Six or more years of professional experience
    Social engineering experience is a plus 
    Possess a number of technical certifications from the following list:
    • Offensive Security Certified Professional (OSCP)
    • Web Application Penetration Engineer (WAPT)
    • GIAC Web Application Penetration Engineer (GWAPT)
    • GIAC Penetration Engineer (GPEN)
    • (ISC)² Certified Information Systems Security Professional (CISSP)
    • Cisco Certified Network Associate (CCNA)
References required
Powered by