Logo
Blue Yonder

Lead Penetration Tester

Blue Yonder, Coppell, Texas, United States, 75019


Role: Lead Penetration Tester

Synonymous Business Title: Security & Compliance Program Manager - Cloud

Location:

Dallas, TX or Scottsdale, AZ - works remotely

Overview

Blue Yonder is seeking a Lead Penetration Tester who would be responsible for leading and conducting penetration test activities against our private and public network, etc. As needed, this candidate will also conduct a Penetration Test for the customer environments. This member will play a key role in evolving our Red Team. This role will be a senior role and someone with strong experience is preferred.

The candidate will work with leading Pen Test vendors to create SOWs and engage penetration testing activities as needed. The candidate would also create a solid internal penetration testing program to determine the security posture of the organization and provide meaningful feedback to the stakeholders.

Scope/ResponsibilitiesCreate and maintain a solid penetration testing program for the organization, a key role within security organizationConduct all the penetration activities for the Blue Yonder infrastructureCo-ordinate customer requests for penetration testingFocus on all the phases of penetration testing including, Information gathering, scanning, execution, post-exploitation, custom/meaningful reporting, remediation activitiesOut of several thousand assets, identify the assets that need prioritization to be assessedPotential to expand to a Red team with a focus on validating the security controls and security tools that are in placeThis candidate would ultimately create awareness about the extent of compromise one could make with the current security posture - so that the asset owners can truly understand the security posture of their products and their networkCreates processes for the penetration testing program considering all the phases of the programLeverage vulnerability scan results from all the scannersLeverage threat intelligence information to raise the bar on Pen Testing programEvaluate threats, vulnerabilities and risk in cloud platforms like Azure, AWS, etc.Be responsible for not only identification of results but to provide solid feedback to the stake holders and to reduce the risk exposureCapable of validating security controls that are in place with the organization like intrusion prevention systems and intrusion detection systems, etc.An expert in post exploitation to truly determine the extent of compromise, upon identifying vulnerabilitiesDescribe the root cause and impacts to the asset ownersDemonstrate the risk through verbal and video demonstration in layman terms as neededReduce the open vulnerabilities by providing remediation guidance and feedback as neededDocument and track all the hacking activities for Management and auditorsRepresent the team for internal and external auditors as neededReview reports for each assessment before it is sent to the asset owners or to the customersParticipate in and assist with incident response team, as appropriate.Generate metrics for the Management as needed.Prepare system security reports by collecting, analyzing, and summarizing data and trendsAny other security related duties assigned by the Management.What We Are Looking For

Minimum Qualifications:

10+ years of Penetration Testing, Ethical Hacking and/or Red Teaming experience.Must have worked with products/tools such as Qualys, Tenable, Nexpose, Metasploit, Core Impact, Burp Suite, Cobalt Strike, etc.Certifications such as OSCP, OSCE, CRTP and/or GPEN.TTP (Tactics, Techniques and Procedures) such as Mitre Framework.Preferred Qualifications:

Bachelor's degree in information security, MIS, or Computer Science highly preferred.Deep and diverse experience architecting and implementing network security designs.Expertise in network security, system security and endpoint security.Education and experience in public cloud infrastructure such as Microsoft, Google, AWS, or IBM.Demonstrated understanding of information security concepts, standards, practices, including but not limited to firewalls, intrusion prevention and detection, TCP/IP and related protocols, device monitoring and log management and event monitoring/reporting.Ability to work in different shifts to partner with the global team.The salary range for this position is $120,335 - $151,665.

The salary range information provided, reflects the anticipated base salary range for this position based on current national data. Minimums and maximums may vary based on location. Individual salary will be commensurate with skills, experience, certifications or licenses and other relevant factors. In addition, this role will be eligible to participate in either the annual performance bonus or commission program, determined by the nature of the position.

At Blue Yonder, we care about the wellbeing of our employees and those most important to them. This is reflected in our robust benefits package and options that includes:

Comprehensive Medical, Dental and Vision401K with MatchingFlexible Time OffCorporate Fitness ProgramA variety of voluntary benefits such as; Legal Plans, Accident and Hospital Indemnity, Pet Insurance and much more

At Blue Yonder, we are committed to a workplace that genuinely fosters inclusion and belonging in which everyone can share their unique voices and talents in a safe space. We continue to be guided by our core values and are proud of our diverse culture as an equal opportunity employer. We understand that your career search may look different than others, and embrace the professional, personal, educational, and volunteer opportunities through which people gain experience.

Our Values

If you want to know the heart of a company, take a look at their values. Ours unite us. They are what drive our success - and the success of our customers. Does your heart beat like ours? Find out here: Core Values

Diversity, Inclusion, Value & Equity (DIVE) is our strategy for fostering an inclusive environment we can be proud of. Check out Blue Yonder's inaugural Diversity Report which outlines our commitment to change, and our video celebrating the differences in all of us in the words of some of our associates from around the world.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.