Penetration Tester

Penetration Tester Role:

The Penetration Tester, will provide broad and in depth knowledge to conduct offensive cyber operations across the organization globally. In this role, you will conduct offensive security operations to emulate adversary tactics and procedures to test preventative, detective and response controls across the global technology landscape. You will use your expertise to help influence technology decisions and work as part of a team to create consistent approaches to the offensive security processes and techniques.

Penetration Testing Duties and Responsibilities:

• Operate a hands-on role involving penetration testing and vulnerability assessment activities of complex applications, operating systems, wired, wireless networks, and mobile applications/devices, Cloud(Azure, AWS, Google Etc) apps and software’s.
• Set up environment and maintain required tools needed for the team.
• Lead and manage Penetration Testing team and Supporting vendors to get qualitative deliveries to our customer.
• Develop and maintain security testing plans
• Able to automate penetration and other security testing on networks, systems and applications.
• Develop meaningful metrics to reflect the true posture of the environment allowing the organization to make educated decisions based on risk.
• Produce actionable, threat-based, reports on security testing results
• Act as a source of direction, training, and guidance for less experienced staff
• Consult with application developers, systems administrators, and management to demonstrate security testing results, explain the threat presented by the results, and consult on remediation
• Communicate security issues to a wide variety of internal and external “customers” to include technical teams, executives, risk groups, vendors and regulators
• Deliver the annual penetration testing schedule and conducting awareness campaigns to ensure proper budgeting by business lines for annual tests.
• Foster and maintain relationships with key stakeholders and business partners

Certificates:

Must Have

• Offensive Security Certified Professional (OSCP)

Good to have

• CREST Registered Penetration Tester (CRT)
• Certified Ethical Hacker (CEH) Certification
• GIAC Certified Penetration Tester (GPEN)

Penetration Testing Expert Requirements and Qualification:

• Previous working experience as a Penetration Testing Expert for 5 - 7 year
• BE in Computer Information Systems, Management Information Systems, or similar relevant field
• In-depth knowledge of application development processes and at least one programing or scripting language (e.g., Java, Scala, C#, Ruby, Perl, Python, PowerShell)
• Must know about standard Industry security Practices (OWASP, SANS, etc), Knowledgeable about industry Security guidelines and compliance such as ISO27001, SOC2, HIPPA etc.
• Hands on experience with testing frameworks such as the PTES and OWASP.
• Applicable knowledge of Windows client/server, Unix/Linux systems, Mac OS X, VMware/Xen, and cloud technologies such as AWS, Azure, or Google Cloud
• Critical thinker and problem solver
• Excellent organizational and time management skills

Penetration Tester Role:

The Penetration Tester, will provide broad and in depth knowledge to conduct offensive cyber operations across the organization globally. In this role, you will conduct offensive security operations to emulate adversary tactics and procedures to test preventative, detective and response controls across the global technology landscape. You will use your expertise to help influence technology decisions and work as part of a team to create consistent approaches to the offensive security processes and techniques.

Penetration Testing Duties and Responsibilities:

• Operate a hands-on role involving penetration testing and vulnerability assessment activities of complex applications, operating systems, wired, wireless networks, and mobile applications/devices, Cloud(Azure, AWS, Google Etc) apps and software’s.
• Set up environment and maintain required tools needed for the team.
• Lead and manage Penetration Testing team and Supporting vendors to get qualitative deliveries to our customer.
• Develop and maintain security testing plans
• Able to automate penetration and other security testing on networks, systems and applications.
• Develop meaningful metrics to reflect the true posture of the environment allowing the organization to make educated decisions based on risk.
• Produce actionable, threat-based, reports on security testing results
• Act as a source of direction, training, and guidance for less experienced staff
• Consult with application developers, systems administrators, and management to demonstrate security testing results, explain the threat presented by the results, and consult on remediation
• Communicate security issues to a wide variety of internal and external “customers” to include technical teams, executives, risk groups, vendors and regulators
• Deliver the annual penetration testing schedule and conducting awareness campaigns to ensure proper budgeting by business lines for annual tests.
• Foster and maintain relationships with key stakeholders and business partners

Certificates:

Must Have

• Offensive Security Certified Professional (OSCP)

Good to have

• CREST Registered Penetration Tester (CRT)
• Certified Ethical Hacker (CEH) Certification
• GIAC Certified Penetration Tester (GPEN)

Penetration Testing Expert Requirements and Qualification:

• Previous working experience as a Penetration Testing Expert for 5 - 7 year
• BE in Computer Information Systems, Management Information Systems, or similar relevant field
• In-depth knowledge of application development processes and at least one programing or scripting language (e.g., Java, Scala, C#, Ruby, Perl, Python, PowerShell)
• Must know about standard Industry security Practices (OWASP, SANS, etc), Knowledgeable about industry Security guidelines and compliance such as ISO27001, SOC2, HIPPA etc.
• Hands on experience with testing frameworks such as the PTES and OWASP.
• Applicable knowledge of Windows client/server, Unix/Linux systems, Mac OS X, VMware/Xen, and cloud technologies such as AWS, Azure, or Google Cloud
• Critical thinker and problem solver
• Excellent organizational and time management skills