Softthink Solutions
Softthink Solutions is hiring: Penetration Tester – Cybersecurity...
Softthink Solutions - Herndon, VA, United States, 22070
Work at Softthink Solutions
Overview
- View job
Overview
Job Overview:
We are seeking a skilled Penetration Tester with strong expertise in cybersecurity assessment, vulnerability management, and security tools such as Qualys, Nessus, Burp Suite, Metasploit, and more. The ideal candidate will be responsible for conducting security assessments, ethical hacking, and penetration testing to identify and remediate vulnerabilities in networks, applications, and cloud environments.
Key Responsibilities:
- Perform penetration testing on web applications, networks, cloud infrastructure, APIs, and mobile applications.
- Utilize Qualys, Nessus, Burp Suite, Metasploit, and other security tools to identify and remediate security vulnerabilities.
- Conduct vulnerability assessments, exploit research, and security audits to assess and enhance system defenses.
- Develop detailed security assessment reports and provide actionable recommendations to stakeholders.
- Work with DevOps and security teams to implement secure coding best practices and risk mitigation strategies.
- Simulate real-world cyberattacks and assess the effectiveness of security controls.
- Stay updated with the latest security threats, vulnerabilities, and industry best practices.
- Support security compliance initiatives, including NIST, ISO 27001, CIS, and SOC 2 requirements.
Required Skills & Qualifications:
- 3-5+ years of experience in penetration testing, red teaming, and ethical hacking.
- Hands-on experience with Qualys, Nessus, Burp Suite, Metasploit, Kali Linux, and other security tools.
- Strong understanding of network security, cloud security (AWS, Azure, GCP), and application security.
- Proficiency in scripting languages like Python, PowerShell, Bash, or JavaScript to develop custom security tools.
- Deep knowledge of OWASP Top 10, MITRE ATT&CK framework, CVSS scoring, and security frameworks.
- Experience with secure coding practices, web application firewalls (WAF), and intrusion detection systems (IDS).
- Certifications preferred: CEH, OSCP, GPEN, CISSP, or equivalent.
Nice to Have:
- Experience with cloud security testing in AWS, Azure, or GCP.
- Knowledge of Zero Trust security models and threat intelligence platforms.
- Familiarity with DevSecOps integration and automated security testing.
This is a remote position.
#J-18808-Ljbffr