Nelnet
Penetration Tester-Ethical Hacker - RedLens InfoSec
Nelnet, Greendale, Wisconsin, United States, 53129
Penetration Tester-Ethical Hacker - RedLens InfoSec
CampusGuard, a Nelnet Company, provides information security services for campus-based organizations including higher education institutions, healthcare providers, city, county and state government agencies, and hospitality markets. As a full-service information security firm, we leverage our knowledge combined with the industry standards for compliance and information security issues to provide our customers with world-class information security & compliance services.SUMMARY:The Penetration Tester/Ethical Hacker is responsible for assessing a customer’s business and operating environment risk and infrastructure vulnerability posture. This position requires a wide range of knowledge of network infrastructures, operating systems hardware platforms, networking systems, and the security vulnerabilities within each category. The qualified individual in this position will scan customer networks to discover and exploit security flaws and vulnerabilities with attack simulations on multiple platforms working against a specific customer-focused scope of work. This position requires a highly technical skill level to assess the risks and vulnerabilities of a customer’s network while being able to articulate the issues to a non-IT professional audience. Excellent communication skills, both oral and written, are required to provide the reporting information to the customer after the tests are completed. When not performing the specific scanning and penetration testing / ethical hacking functions, the individual in this position will provide support to the Security Advisors with other security assessments and gap analysis functions.JOB RESPONSIBILITIES:Responsible for scanning and performing in-depth penetration testing and reporting customer business and operating environments and network infrastructure related to compliance and other relevant industry standards.Understand the Scope of Work for each customer agreement and perform the duties and tasks required by those agreements in an organized, professional manner.Perform vulnerability assessments and penetration testing, utilizing commercial and open-source tools.Conduct web application penetration testing in line with Open Web Application Security Project.Exploit security flaws and vulnerabilities with attack simulations on multiple projects working against specific customer systems and networks in accordance with an agreed scope of work.Effectively provide technical risk assessment of technologies in networks, applications, systems, wireless, and perform social engineering.Review and analyze security vulnerability data to identify applicability and false positives.Ability to solve complex technical problems and articulate to non-IT personnel.Document all processes and procedures in accordance with CampusGuard standards.Report on findings and advise customers in remediation activities as required.Research and develop testing tools, techniques, and process improvements.When time allows, perform security assessments and gap analysis of system infrastructures in alignment with the PCI DSS, HIPAA, and other well-known information security requirements.Assist with sales and marketing activities:1. Participate in sales calls as an industry expert2. Attend conferences as appropriate3. Prepare and perform industry-related presentations and/or webcasts4. Other sales/marketing support duties as requestedSALARY RANGE:
$75,000 - $115,000, varies based on experience and credentialsEDUCATION AND EXPERIENCE:The Penetration Tester/Ethical Hacker must have sufficient information security knowledge and experience to conduct technically complex security assessments.Minimum acceptable education requirements: Bachelor’s degree in Computer Science, Cyber Security or the equivalent, and/or 3 years’ experience in the information security industryMinimum acceptable certification requirements: Possess industry-recognized security certification(s) including but not limited to one or more of the following: Offensive Security Certified Professional (OSCP), GIAC Penetration Tester (GPEN), Offensive Security Web Expert (OSWE), Offensive Security Wireless Professional (OSWP), CompTIA PenTest+, CompTIA Advanced Security Practitioner (CASP+), Certified Red Team Operator (CRTO), TCM Security Practical Network Penetration Tester (PNPT)Note: Candidate must agree to prepare for and pass certifications as directed by his or her supervisor (e.g., the PCI Professional (PCIP) certification).Minimum acceptable work experience requirements: If a candidate does not satisfy any of the above education criteria or certificates, he or she must have a minimum of five years of relevant information security experience or proof of other recognized security certifications.COMPETENCIES – SKILLS/KNOWLEDGE/ABILITIES:• Offensive Security Web Expert (OSWE), Offensive Security Certified Expert (OSCE), or Offensive Security Certified Professional (OSCP) highly preferred.• Strong understanding of various web technologies and testing methodologies.• Experience with penetration testing of cloud-hosted environments is a plus.• Demonstrates an ability to methodically analyze problems, identify solutions, and communicate to a non-technical audience.• Exhibits good writing and communications skills, to include the ability to render concise reports, summaries, and formal oral presentations.• Adequately explains, presents, demonstrates [when applicable] and documents the operational impact of a particular vulnerability/exploit. Advise customers in remediation tasks for identified vulnerabilities.• Self-motivated and able to work both independently and with a team.• Willing to travel up to 15% of the time.Our benefits package includes:
medical, dental, vision, HSA and FSA, generous earned time off, 401K/student loan repayment, life insurance & AD&D insurance, employee assistance program, employee stock purchase program, tuition reimbursement, performance-based incentive pay, short- and long-term disability, and a robust wellness program.Nelnet is an Equal Opportunity Employer, complies with Executive Order 11246, and takes affirmative action to ensure that qualified applicants are employed, and that employees are treated during employment, without regard to race, color, religion/creed, national origin, gender, or sex, marital status, age, disability, use of a guide dog or service animal, sexual orientation, military/veteran status, or any other status protected by Federal or State law or local ordinance.Qualified individuals with disabilities who require reasonable accommodations in order to apply or compete for positions at Nelnet may request such accommodations by contacting Corporate Recruiting at 402-486-5725 or corporaterecruiting@nelnet.net.Nelnet is a Drug Free and Tobacco Free Workplace.
#J-18808-Ljbffr
CampusGuard, a Nelnet Company, provides information security services for campus-based organizations including higher education institutions, healthcare providers, city, county and state government agencies, and hospitality markets. As a full-service information security firm, we leverage our knowledge combined with the industry standards for compliance and information security issues to provide our customers with world-class information security & compliance services.SUMMARY:The Penetration Tester/Ethical Hacker is responsible for assessing a customer’s business and operating environment risk and infrastructure vulnerability posture. This position requires a wide range of knowledge of network infrastructures, operating systems hardware platforms, networking systems, and the security vulnerabilities within each category. The qualified individual in this position will scan customer networks to discover and exploit security flaws and vulnerabilities with attack simulations on multiple platforms working against a specific customer-focused scope of work. This position requires a highly technical skill level to assess the risks and vulnerabilities of a customer’s network while being able to articulate the issues to a non-IT professional audience. Excellent communication skills, both oral and written, are required to provide the reporting information to the customer after the tests are completed. When not performing the specific scanning and penetration testing / ethical hacking functions, the individual in this position will provide support to the Security Advisors with other security assessments and gap analysis functions.JOB RESPONSIBILITIES:Responsible for scanning and performing in-depth penetration testing and reporting customer business and operating environments and network infrastructure related to compliance and other relevant industry standards.Understand the Scope of Work for each customer agreement and perform the duties and tasks required by those agreements in an organized, professional manner.Perform vulnerability assessments and penetration testing, utilizing commercial and open-source tools.Conduct web application penetration testing in line with Open Web Application Security Project.Exploit security flaws and vulnerabilities with attack simulations on multiple projects working against specific customer systems and networks in accordance with an agreed scope of work.Effectively provide technical risk assessment of technologies in networks, applications, systems, wireless, and perform social engineering.Review and analyze security vulnerability data to identify applicability and false positives.Ability to solve complex technical problems and articulate to non-IT personnel.Document all processes and procedures in accordance with CampusGuard standards.Report on findings and advise customers in remediation activities as required.Research and develop testing tools, techniques, and process improvements.When time allows, perform security assessments and gap analysis of system infrastructures in alignment with the PCI DSS, HIPAA, and other well-known information security requirements.Assist with sales and marketing activities:1. Participate in sales calls as an industry expert2. Attend conferences as appropriate3. Prepare and perform industry-related presentations and/or webcasts4. Other sales/marketing support duties as requestedSALARY RANGE:
$75,000 - $115,000, varies based on experience and credentialsEDUCATION AND EXPERIENCE:The Penetration Tester/Ethical Hacker must have sufficient information security knowledge and experience to conduct technically complex security assessments.Minimum acceptable education requirements: Bachelor’s degree in Computer Science, Cyber Security or the equivalent, and/or 3 years’ experience in the information security industryMinimum acceptable certification requirements: Possess industry-recognized security certification(s) including but not limited to one or more of the following: Offensive Security Certified Professional (OSCP), GIAC Penetration Tester (GPEN), Offensive Security Web Expert (OSWE), Offensive Security Wireless Professional (OSWP), CompTIA PenTest+, CompTIA Advanced Security Practitioner (CASP+), Certified Red Team Operator (CRTO), TCM Security Practical Network Penetration Tester (PNPT)Note: Candidate must agree to prepare for and pass certifications as directed by his or her supervisor (e.g., the PCI Professional (PCIP) certification).Minimum acceptable work experience requirements: If a candidate does not satisfy any of the above education criteria or certificates, he or she must have a minimum of five years of relevant information security experience or proof of other recognized security certifications.COMPETENCIES – SKILLS/KNOWLEDGE/ABILITIES:• Offensive Security Web Expert (OSWE), Offensive Security Certified Expert (OSCE), or Offensive Security Certified Professional (OSCP) highly preferred.• Strong understanding of various web technologies and testing methodologies.• Experience with penetration testing of cloud-hosted environments is a plus.• Demonstrates an ability to methodically analyze problems, identify solutions, and communicate to a non-technical audience.• Exhibits good writing and communications skills, to include the ability to render concise reports, summaries, and formal oral presentations.• Adequately explains, presents, demonstrates [when applicable] and documents the operational impact of a particular vulnerability/exploit. Advise customers in remediation tasks for identified vulnerabilities.• Self-motivated and able to work both independently and with a team.• Willing to travel up to 15% of the time.Our benefits package includes:
medical, dental, vision, HSA and FSA, generous earned time off, 401K/student loan repayment, life insurance & AD&D insurance, employee assistance program, employee stock purchase program, tuition reimbursement, performance-based incentive pay, short- and long-term disability, and a robust wellness program.Nelnet is an Equal Opportunity Employer, complies with Executive Order 11246, and takes affirmative action to ensure that qualified applicants are employed, and that employees are treated during employment, without regard to race, color, religion/creed, national origin, gender, or sex, marital status, age, disability, use of a guide dog or service animal, sexual orientation, military/veteran status, or any other status protected by Federal or State law or local ordinance.Qualified individuals with disabilities who require reasonable accommodations in order to apply or compete for positions at Nelnet may request such accommodations by contacting Corporate Recruiting at 402-486-5725 or corporaterecruiting@nelnet.net.Nelnet is a Drug Free and Tobacco Free Workplace.
#J-18808-Ljbffr