Operate in a hands-on role involving penetration testing and vulnerability assessment of complex applications, operating systems and mobile applications/devices.
Develop and maintain security testing plans.
Automate penetration and other security testing on networks, systems and applications.
Develop meaningful metrics to reflect the true posture of the environment allowing the organization to make educated decisions based on risk.
Produce actionable, threat-based reports on security testing results.
Act as a source of direction, training, and guidance for less experienced staff.
Mentor and coach other IT security staff, providing guidance and expertise for their growth.
Consult with application developers, systems administrators, and management to demonstrate security testing results, explain the threat presented by the results, and consult on remediation.
Communicate security issues to a wide variety of internal and external customers to include technical teams, executives, risk groups, vendors and regulators.
Deliver the annual penetration testing schedule and conduct awareness campaigns to ensure proper budgeting by business lines for annual tests.
Key Skills Requirements
3-5 years of previous working experience with penetration testing or vulnerability management.
In-depth knowledge of application development processes and at least one programming or scripting language (e.g., Java, Scala, C#, Ruby, Perl, Python, PowerShell).
Hands-on experience with security testing frameworks; strong familiarity with OWASP Top Ten, NIST, MITRE ATT&CK and PTES.
Good hands-on expertise with Tenable Nessus or Acunetix web vulnerability scanners.
Applicable knowledge of Windows client/server, Unix/Linux systems, VMware/Hyper-V, and cloud technologies such as AWS, Azure, or Google Cloud.
Hands-on ability to troubleshoot network protocols and packets, together with systems knowledge.