Cybersecurity Penetration Tester Job at Resource Informatics Group Inc in Housto
Resource Informatics Group Inc, Houston, TX, US
Job Description
Very large oil and gas company in The Woodlands / Spring, TX is seeking to hire a consultant as a Cybersecurity Penetration Tester with strong experience in application security. Excellent environment with a global footprint and top tier Cybersecurity technologies. The supervisor of this team is very people/team oriented and will encourage consultants to pursue additional training and certifications (paid for by consulting company, not the individual consultant).
JOB DESCRIPTION
As the Cybersecurity Penetration Tester on this team, you will demonstrate the ability to perform manual web application vulnerability assessments without the use of automated tools such as web application scanners. Additionally:
- Will capture and analyze network traffic at all seven layers of the OSI model, including ability to discern whether said network traffic contains vulnerabilities and/or sensitive data.
- Will perform in the role that shows a solid grasp of core security fundamentals and concepts, including knowing one’s system, defense in depth, the principle of least privilege, access control, encryption and cryptography, security architecture and design, business continuity and disaster recovery, etc.
- Will create extremely high quality written reports containing the findings from web and thick-client vulnerability assessments, as well as the ability to articulate those findings to peer technical staff as well as various levels of management.
REQUIRED SKILLS
- 6+ years of experience penetration/vulnerability testing for web and thick-client applications in an enterprise environment.
- Strong understanding of web technologies, e.g. HTTP, HTML, CSS, Forms, Database Connectivity, etc.
- Understanding of compliance and regulatory requirements such as PCI DSS, SOX, HIPAA, etc.
- Full grasp and ability to articulate and/or train others on the “OWASP Top 10” and related concepts.
- 6+ years' experience with programming and/or scripting in one or more of the following languages: .NET, Java, PHP, Ruby, Perl, Bash, or similar language.
- 6+ years of experience with SQL, including a strong understanding of SQL syntax and the ability to perform basic management of MS SQL databases.
- 6+ years of experience with enterprise-level security control implementations, including Network Intrusion Detection/Prevention (NIDS/NIPS), Corporate Antivirus, Enterprise Web Filtering, Data Loss Prevention, Insider-threat Mitigation, Botnet Detection, etc., as well as demonstrable knowledge of the principles and techniques used to bypass said controls.
PREFERRED CERTIFICATIONS
Preference will be given to candidates who have 2 or more of the following certifications: GSEC, GWAPT, CISSP, GPEN, GXPEN, CISA, CISM, OSCP, OSCE
Required Skills: Application Security, Penetration Tester, Security Preferred Skills: