Penetration Tester

Candidate will be responsible for performing various technical security assessments, educating the client on the inherent risks associated with vulnerabilities, and providing meaningful hardening and mitigation strategies.

Job Description:
-Conduct web and network-based penetration tests
-Conduct vulnerability scans (Web, OS, and Database)
-Analyze vulnerability scan results, report vulnerabilities, and facilitate vulnerability remediation strategies with Points of Contacts (POCs)
-Identify false positives and risk acceptance candidates
-Clearly understand and communicate risks associated with vulnerabilities
-Conduct logical security audits and hands-on technical security evaluations and implementations
-Conduct physical security assessments
-Develop subject matter expertise of focused capabilities in the topics of database security, wireless security, or application and development security

Demonstrated technical experience with:
-Network & Web Application Penetration Testing
-Vulnerability Scanning and Analysis
-Unix/Linux (Solaris/Red Hat) and MS Windows Operating Systems
-Switching/Routing and TCP/IP
-Databases (e.g., MS SQL, Oracle, DB2)
-Web application vulnerability scanners (e.g., Qualys WAS, WebInspect, AppScan)
-Database vulnerability scanners (e.g., AppDetective, DbProtect)
-General purpose vulnerability scanners (e.g., QualysGuard, Nessus)
-Security configuration checklists (e.g., DISA STIGs, CIS Benchmarks)
-NIST Special Publications (e.g., 800-53, 800-37)

Technical writing experience:
-Security assessment reports
-Standard operating procedures documents
-Formal policy and procedure documents
-Management and executive reports