Senior Penetration Testing Engineer

Prestigious Fortune 500 Company is currently seeking a Senior Pen-Testing Engineer. Candidate will perform penetration testing for the infrastructure and in-house developed applications to discover security vulnerabilities and weaknesses and provide remediation recommendations. The team is looking for an experienced tester with a willingness to share knowledge and work with the team to enhance the security posture applications and systems.

Responsibilities:

• Perform white and Black Box testing of in-house applications and systems with a variety of commercial and opensource tools
• Devise creative and custom exploits, solutions, and techniques to discover vulnerabilities and exploitability of the targets
• Knowledge-share with team on techniques and results to continuously improve the service offering
• Create detailed report of findings and recommendations after testing is complete and present to stakeholders
• Stay up-to-date in current tools, techniques, and vulnerabilities to incorporate into testing practices
• Mentor junior members of the team in techniques and best practices in ethical hacking and vulnerability analysis

Qualifications:

• 5+ years experience with penetration testing
• Demonstrable knowledge and experience of:
• Cmmon attack techniques for web, mobile and services.
• Cmmon application testing tools including, but not limited to Burp, SQL Map etc
• OWASP Tp 10 iPhone and Android application pen testing specifically relating to reverse engineering and instrumentation toolsets
• Pen testing in Agile and/r Extreme development environments
• Ability to write scripts/tools to assist in testing
• Experience testing/analysing applications and networks
• Understanding of encryption technologies
• Understanding of common network protocols
• Working knowledge with various operating systems
• Ability to relay detailed technical concepts to a broad range of audiences, via written reports and presentations
• Passion for continuous learning, growth, and tinkering
• CISSP, GPEN, GWAPT, OSCP, and/or other industry certification is desired but not required