SecureIT
Senior Penetration Tester
SecureIT, Reston, Virginia, United States, 22090
SecureIT is a leading provider of cybersecurity, cloud and compliance advisory services. We are committed to quality and the relationships that we build with our clients.At SecureIT, you will have the opportunity to work alongside industry experts, tackling complex challenges to educate, guide and protect our clients. We foster an environment of continuous learning, professional growth and collaboration. SecureIT offers an exciting and rewarding career path with an excellent benefits package.SecureIT is currently seeking an experienced
penetration tester
to perform security assessments of the network layer, web applications, and mobile applications.Job responsibilities:Lead SecureIT’s stand-alone penetration testing projects, as well as pen testing activities in support of FedRAMP or other security audit/assessment projectsPerform “heavy-lifting” activities on pen test engagements (network layer, web applications, and mobile applications), as well as red team exercisesLeverage automated scanning, assessment, and exploit tools and (especially) perform focused manual testing procedures to identify and exploit vulnerabilitiesMeet with prospective clients to scope, price, and sell pen testing work, as well as provide scope and approach content for proposals and SOWsLead communications with client technical staff and management, including formal reports and presentationsPartner with and mentor other members of the pen testing teamAssist in developing and maintaining SecureIT’s penetration testing methodologies and toolsetsRequirements:Minimum 5+ years total pen testing experience, with at least 3 years in a “lead pen tester” roleWide-ranging technical security knowledge across all layers of the stack, across various platforms, and across a variety of vendor productsExpertise with standard tools (like Nmap, Nessus, BurpSuite, Metasploit) and advanced testing tools (like Cobalt Strike), as well as broad familiarity with open-source security projects and tools that can be leverage during testingDemonstrable expertise in manual testing and surfacing vulnerabilities and deficiencies that automated tools often missStrong verbal and written communication skills, including the ability to effectively communicate technical security matters, including clearly elaborating on technical details for technical audiences and properly summarizing for non-technical management/business audiencesAt least one hands-on certification related directly to penetration testing (OSCP preferred, but others such as SANS GPEN accepted) and at least one other industry standard cybersecurity certification (such as CISSP)Additional Desired Skills:Pen testing across cloud systems running on any of the “big three” hyper-scale cloud providers (AWS, GCP, and Azure)1+ year experience in scoping, selling, and proposal-writing for pen testing engagementsCoding experience to develop/modify testing scriptsRed Teaming experience across a variety of project scopes and technical environments
#J-18808-Ljbffr
penetration tester
to perform security assessments of the network layer, web applications, and mobile applications.Job responsibilities:Lead SecureIT’s stand-alone penetration testing projects, as well as pen testing activities in support of FedRAMP or other security audit/assessment projectsPerform “heavy-lifting” activities on pen test engagements (network layer, web applications, and mobile applications), as well as red team exercisesLeverage automated scanning, assessment, and exploit tools and (especially) perform focused manual testing procedures to identify and exploit vulnerabilitiesMeet with prospective clients to scope, price, and sell pen testing work, as well as provide scope and approach content for proposals and SOWsLead communications with client technical staff and management, including formal reports and presentationsPartner with and mentor other members of the pen testing teamAssist in developing and maintaining SecureIT’s penetration testing methodologies and toolsetsRequirements:Minimum 5+ years total pen testing experience, with at least 3 years in a “lead pen tester” roleWide-ranging technical security knowledge across all layers of the stack, across various platforms, and across a variety of vendor productsExpertise with standard tools (like Nmap, Nessus, BurpSuite, Metasploit) and advanced testing tools (like Cobalt Strike), as well as broad familiarity with open-source security projects and tools that can be leverage during testingDemonstrable expertise in manual testing and surfacing vulnerabilities and deficiencies that automated tools often missStrong verbal and written communication skills, including the ability to effectively communicate technical security matters, including clearly elaborating on technical details for technical audiences and properly summarizing for non-technical management/business audiencesAt least one hands-on certification related directly to penetration testing (OSCP preferred, but others such as SANS GPEN accepted) and at least one other industry standard cybersecurity certification (such as CISSP)Additional Desired Skills:Pen testing across cloud systems running on any of the “big three” hyper-scale cloud providers (AWS, GCP, and Azure)1+ year experience in scoping, selling, and proposal-writing for pen testing engagementsCoding experience to develop/modify testing scriptsRed Teaming experience across a variety of project scopes and technical environments
#J-18808-Ljbffr