Applications Penetration Tester - App/Sec/Offensive Team Lead

NO SPONSORSHIP

SALARY: $178k - $180k flex plus 20% bonus

Lead Penetration Tester - Applications App/Sec/Offensive Team

LOCATION: Remote

Looking for a very experienced high-end penetration tester AppSec/Offensive security architect/engineer prefer someone who came up through application development. Must also has experience in infrastructure and networking penetration testing and has leadership tech team lead must have great soft skills

We are seeking an Information Security Senior to provide domain expertise in Penetration testing of Infrastructure and Networks, Web Applications, Cloud and Social engineering! In this role, the candidate will provide improved vulnerability analysis and contextual feedback to stakeholders to support the resolution of discovered vulnerabilities and facilitate risk awareness.

Penetration Testing and Red Team assessments

• Perform internal and external penetration testing of network infrastructure and applications
• Perform Red team assessments including physical, social engineering, and network exploitation
• Perform well controlled vulnerability exploitation/penetration testing on applications, network protocols, and databases
• Perform network reconnaissance, OSINT, social engineering, and physical security reviews
• This role provides domain expertise in Penetration testing of Infrastructure and Networks, Web Applications, Cloud and Social engineering, as well as Red Team and Purple Team internal engagements. Additionally, you will provide improved vulnerability analysis and contextual feedback to partners to support the resolution of discovered vulnerabilities and facilitate risk awareness.

Qualifications:

• 8-10 years of experience in Penetration testing, Red Team and Purple Team
• Bachelor of Science in Engineering, Computer Science, Information Technology, or equivalent work experience
• Advanced knowledge in common penetration testing tools (Metasploit, Burp Suite, Cobalt Strike, Empire, KALI Linux etc.)
• Must have a demonstrable understanding of voice and data networks, major operating systems, Active Directory, cloud technologies
• Must demonstrate knowledge of MITRE's ATT&CK framework, execute and chain TTP's
• Must be able to critically examine an organization and system through the perspective of a threat actor and articulate risk in clear, precise terms.
• Ability to optimally code in a Scripting language (Python, Bash, PowerShell, Perl, etc.)