Blue Yonder
Senior Penetration Testing Consultant
Blue Yonder, Dallas, North Carolina, United States, 28034
Blue Yonder Blue Yonder provides 3,000 of the world’s leading brands with supply chain planning solutions that leverage the full power of their data to take action at scale. Blue Yonder is seeking a Senior Penetration Testing Consultant who would be responsible for leading and conducting penetration test activities against our private and public network. As needed, this candidate will also conduct Penetration Tests for customer environments. This member will play a key role in evolving our Red Team. This role will be a senior role, and someone with strong experience is preferred.The candidate would work with leading PenTest vendors to create SOWs and engage in penetration testing activities as needed. The candidate would also create a solid internal penetration testing program to determine the security posture of the organization and provide meaningful feedback to the stakeholders.ResponsibilitiesCreate and maintain a solid penetration testing program for the organization, a key role within the security organization.Conduct all the penetration activities for the Blue Yonder infrastructure.Co-ordinate customer requests for penetration testing.Focus on all the phases of penetration testing including Information gathering, scanning, execution, post-exploitation, custom/meaningful reporting, and remediation activities.Out of several thousand assets, identify the assets that need prioritization to be assessed.Potential to expand to a Red team with a focus on validating the security controls and security tools that are in place.This candidate would ultimately create awareness about the extent of compromise one could make with the current security posture so that the asset owners can truly understand the security posture of their products and their network.Create processes for the penetration testing program considering all the phases of the program.Leverage vulnerability scan results from all the scanners.Leverage threat intelligence information to raise the bar on the PenTesting program.Evaluate threats, vulnerabilities, and risk in the cloud platform like Azure, AWS, etc.Be responsible for not only identification of results but to provide solid feedback to the stakeholders and to reduce the risk exposure.Capable of validating security controls that are in place within the organization like intrusion prevention systems and intrusion detection systems.An expert in post-exploitation to truly determine the extent of compromise upon identifying vulnerabilities.Describe the root cause and impacts to the asset owners.Demonstrate the risk through verbal and video demonstration in layman terms as needed.Reduce the open vulnerabilities by providing remediation guidance and feedback as needed.Document and track all the hacking activities for management and auditors.Represent the team for internal and external auditors as needed.Review reports for each assessment before it is sent to the asset owners or customers.Participate in and assist with the incident response team, as appropriate.Generate metrics for management as needed.Prepare system security reports by collecting, analyzing, and summarizing data and trends.Any other security-related duties assigned by the management.Qualifications7-8 years of proven experience in Penetration testing or Red Teaming; a Master’s degree can be substituted for 2 years of experience.Strong expertise in Vulnerability and Threat Management, Penetration Testing, gathering and condensing threat intelligence into actionable and meaningful communication materials.Bachelor’s degree in information security, Information Technology, Computer Science, or related fields.Deep and diverse experience architecting and implementing network security designs.Expert in network security, system security, and endpoint security.Education and experience in public cloud infrastructure such as Microsoft, Google, AWS, or IBM.Proven experience with products dealing with vulnerability management services which include Retina, Qualys, Tenable, Nexpose, Kali Linux, Metasploit, Core Impact, Immunity Canvas, Burp Suite, Cobalt Strike, Blood Hound, etc.Excellent customer service including strong written and oral communication skills.Demonstrated understanding of information security concepts, standards, practices, including but not limited to firewalls, intrusion prevention and detection, TCP/IP and related protocols, device monitoring, and log management and event monitoring/reporting.Certifications such as OSCP, OSCE, CEH, CISSP, or equivalent.Results-oriented and attention to detail.Ability to work in different shifts to partner with the global team.
#J-18808-Ljbffr
#J-18808-Ljbffr