Cotton & Company LLP
Senior Consultant, Penetration Tester
Cotton & Company LLP, Alexandria, Virginia, US, 22350
Security Consultant, Penetration Tester
(US - Remote)

What to expect when you join the Sikich family

Team members at Sikich have a lot in common while also being part of a rich and diverse group of contributors, creating a distinct and thriving culture. Chief among our commonalities is a desire for growth and a shared unity of purpose in our professional lives. We believe that through diverse perspectives, challenging the status quo and rewarding action, we accelerate innovation and drive growth - for our clients, for ourselves and for our communities.

Do you want to work with other skilled practitioners and serve clients in a way that makes a difference? Are you seeking a supportive environment backed by a deep and extensive set of skillsets? Are you ready to make an impact and be acknowledged for your contributions? If you answered yes to these questions, we see a mutually beneficial and gratifying relationship on the horizon!

Position Summary

Sikich seeks a security professional to adopt the mindset of a threat actor, lead offensive engagements and assist with forensic investigations. The right candidate will enjoy cultivating trust-based client relationships, thrive in a supportive team environment, and be dedicated to lifelong learning and sharing their expertise.

What will you do in this role?

- Penetration testing (ethical hacking) of applications and network environments.
- Advise clients on scoping decisions, engagement details, and remediation efforts.
- Author testing plans and penetration test reports using the MITRE ATT&CK Framework.
- Perform reconnaissance and network surveys to map targets.
- Work proficiently with the following technologies:
  - Web applications and services.
  - Firewall, IPsec and SSL VPNs, IDS/IPS, WLANs.
  - Database functions, interactions, and communications.
  - Commercial and open-source security tools (e.g., Nessus, Nmap, Netcat, Metasploit, Burp Suite, Bloodhound, Empire, Wireshark, hypervisors, run-live distros, etc.).
  - Scripting (Python, PowerShell, JavaScript, Bash) and application development.
- Interpret vulnerabilities, identify weaknesses, exploit them, and escalate your access.
- Identify systemic weaknesses in client processes and advise on remediation options.
- Research trade-craft tools, countermeasures, threats, and technologies.
- Develop and refine tools, templates, and methodologies as needed.
- Mentor new team members and peers.
- Engage with industry as an expert by blogging and speaking at client industry events and webinars.
- Assist Digital Forensics and Incident Response team with malware analysis and breach investigations.

What do you need to succeed in this role?

- At least three (3) years of experience as a penetration tester.
- Excellent written and verbal communication skills.
- Commitment to working with quality assurance and editorial team.
- Ability to lead communication with C-level, technical, and non-technical audiences.
- Experience managing networks and systems for both Windows and Unix platforms.
- Coding and scripting familiarity required (e.g., C#, PowerShell, JavaScript, Python, Bash).
- Certified in Advanced Network Penetration testing (e.g., OSCP, GPEN, CRTO).
- Certified in a penetration testing vertical (e.g., cloud, red team, web apps, mobile apps, Wi-Fi, social engineering).
- Certified or equivalent experience in a general security role (e.g., CISSP, CISM, CISA, GCFA).
- Familiarity with compliance programs (e.g., PCI DSS, HIPAA, GLBA, CMMC).
- Experience with incident response or digital forensics a plus.

About Sikich

Sikich is a global company specializing in Accounting, Advisory, and Technical professional services. With employees across the globe, Sikich ranks as one of the largest professional services companies in the United States. Our comprehensive skillsets, obtained over decades of experience as entrepreneurs, business owners and industry innovators, allow us to provide insights and transformative strategies to help strengthen every dimension of our clients' businesses.

Sikich Total Rewards

Our team members enjoy expansive benefits ranging from competitive compensation and insurance options to wellness programs and a flexible time off policy. Sikich also takes pride in prioritizing team members' health, total wellbeing and time spent with family, friends and in the pursuit of personal goals, hobbies, and endeavors.

Want to learn more? Visit our Careers website or Glassdoor profile.

Sikich is an Equal Opportunity Employer M/F/D/V.