Csinnovations
Penetration Tester
Csinnovations, Washington, District of Columbia, us, 20022
CSI is looking for a Penetration Tester
to join our team on an upcoming Security and Privacy Assessment project in the non-profit telecommunications industry. The Pen Tester will complement risk assessments as ongoing defense against technical security threats of weakness exploitation for the same systems.
This role is hybrid remote with some in-person support required at the customer's location in Washington, DC.
Responsibilities Include:
Penetration Testing:
Conduct annual penetration testing of IT Systems.
Ad hoc penetration testing as assigned for targeted applications, subsystems, or in response to emerging threats.
Penetration testing for ATO-oriented assessments and ISPCM-oriented assessments.
Conduct additional penetration tests as requested to accommodate schedules or ongoing authorization status for an authorized system, as required.
Vulnerability Assessment:
Analyze and assess potential security risks and vulnerabilities.
Conduct vulnerability scans and risk assessments on a variety of platforms.
Reporting and Documentation:
Document and report findings with clear and actionable recommendations.
Prepare detailed penetration testing reports and executive summaries.
Security Recommendations:
Provide expert guidance on remediation strategies to mitigate identified vulnerabilities.
Collaborate with IT and development teams to implement security improvements.
Security Research:
Stay updated with the latest security trends, threats, and technology developments.
Research new attack vectors and develop new testing methodologies.
Compliance and Best Practices:
Ensure compliance with industry standards and regulations (e.g., PCI-DSS, GDPR, HIPAA).
Advocate for security best practices across the organization.
Perform testing for OWASP Top Ten.
Training and Mentorship:
Mentor junior penetration testers and provide training to staff on security awareness.
Conduct workshops and training sessions to promote security knowledge.
Required Skills, Qualifications, and Experience:
Certifications:
Must have and maintain at least one of the following current certifications: GIAC Penetration Tester ("GPEN"), Certified Ethical Hacker ("CEH"), CompTIA PenTest+, or Licensed Penetration Tester Master ("LPT").
Experience:
Minimum of 5 years of professional experience in penetration testing and ethical hacking.
Proven track record of conducting successful penetration tests.
Technical Skills:
Proficiency in using penetration testing tools (e.g., Burp Suite, Metasploit, Nmap).
Strong understanding of network protocols, operating systems, and web application security.
Experience with scripting languages (e.g., Python, Bash) for automation of tasks.
Knowledge of various security frameworks and standards (e.g., OWASP, NIST).
Soft Skills:
Excellent problem-solving skills and analytical thinking.
Strong communication skills, both written and verbal.
Ability to work independently and as part of a team.
Preferred Qualifications:
Experience in a similar role within a large enterprise or consulting environment.
Familiarity with cloud security testing (e.g., AWS, Azure).
Experience with mobile application security testing.
Advanced knowledge of social engineering techniques.
Experience developing Penetration Testing documents, such as scoping documents, ROE and reports.
Proficiency in Python programming.
Experience in leading internal and external pen tests.
Experience in all phases of the Penetration Testing Process.
Experience with numerous pen testing tools (Nmap, Burp, curl, wget, Nessus, Nikto, SQLMAP etc.).
Experience with database scanning tools.
Experience with web application scanning tools.
Experience with phishing tools.
The ability to write compelling documentation.
Cyber Security Innovations (CSI) is an equal opportunity employer committed to diversity and inclusion in the workplace. We prohibit discrimination and harassment of any kind based on race, color, sex, religion, sexual orientation, national origin, disability, genetic information, pregnancy, or any other protected characteristic as outlined by federal, state, or local laws. As a veteran-friendly employer, we encourage military veterans to apply.
This policy applies to all employment practices within our organization, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. CSI makes hiring decisions based solely on qualifications, merit, and business needs at the time.
CSI participates in the E-Verify Employment Verification Program.
#J-18808-Ljbffr
to join our team on an upcoming Security and Privacy Assessment project in the non-profit telecommunications industry. The Pen Tester will complement risk assessments as ongoing defense against technical security threats of weakness exploitation for the same systems.
This role is hybrid remote with some in-person support required at the customer's location in Washington, DC.
Responsibilities Include:
Penetration Testing:
Conduct annual penetration testing of IT Systems.
Ad hoc penetration testing as assigned for targeted applications, subsystems, or in response to emerging threats.
Penetration testing for ATO-oriented assessments and ISPCM-oriented assessments.
Conduct additional penetration tests as requested to accommodate schedules or ongoing authorization status for an authorized system, as required.
Vulnerability Assessment:
Analyze and assess potential security risks and vulnerabilities.
Conduct vulnerability scans and risk assessments on a variety of platforms.
Reporting and Documentation:
Document and report findings with clear and actionable recommendations.
Prepare detailed penetration testing reports and executive summaries.
Security Recommendations:
Provide expert guidance on remediation strategies to mitigate identified vulnerabilities.
Collaborate with IT and development teams to implement security improvements.
Security Research:
Stay updated with the latest security trends, threats, and technology developments.
Research new attack vectors and develop new testing methodologies.
Compliance and Best Practices:
Ensure compliance with industry standards and regulations (e.g., PCI-DSS, GDPR, HIPAA).
Advocate for security best practices across the organization.
Perform testing for OWASP Top Ten.
Training and Mentorship:
Mentor junior penetration testers and provide training to staff on security awareness.
Conduct workshops and training sessions to promote security knowledge.
Required Skills, Qualifications, and Experience:
Certifications:
Must have and maintain at least one of the following current certifications: GIAC Penetration Tester ("GPEN"), Certified Ethical Hacker ("CEH"), CompTIA PenTest+, or Licensed Penetration Tester Master ("LPT").
Experience:
Minimum of 5 years of professional experience in penetration testing and ethical hacking.
Proven track record of conducting successful penetration tests.
Technical Skills:
Proficiency in using penetration testing tools (e.g., Burp Suite, Metasploit, Nmap).
Strong understanding of network protocols, operating systems, and web application security.
Experience with scripting languages (e.g., Python, Bash) for automation of tasks.
Knowledge of various security frameworks and standards (e.g., OWASP, NIST).
Soft Skills:
Excellent problem-solving skills and analytical thinking.
Strong communication skills, both written and verbal.
Ability to work independently and as part of a team.
Preferred Qualifications:
Experience in a similar role within a large enterprise or consulting environment.
Familiarity with cloud security testing (e.g., AWS, Azure).
Experience with mobile application security testing.
Advanced knowledge of social engineering techniques.
Experience developing Penetration Testing documents, such as scoping documents, ROE and reports.
Proficiency in Python programming.
Experience in leading internal and external pen tests.
Experience in all phases of the Penetration Testing Process.
Experience with numerous pen testing tools (Nmap, Burp, curl, wget, Nessus, Nikto, SQLMAP etc.).
Experience with database scanning tools.
Experience with web application scanning tools.
Experience with phishing tools.
The ability to write compelling documentation.
Cyber Security Innovations (CSI) is an equal opportunity employer committed to diversity and inclusion in the workplace. We prohibit discrimination and harassment of any kind based on race, color, sex, religion, sexual orientation, national origin, disability, genetic information, pregnancy, or any other protected characteristic as outlined by federal, state, or local laws. As a veteran-friendly employer, we encourage military veterans to apply.
This policy applies to all employment practices within our organization, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. CSI makes hiring decisions based solely on qualifications, merit, and business needs at the time.
CSI participates in the E-Verify Employment Verification Program.
#J-18808-Ljbffr