Cyber Penetration Tester- Recent Grads
Category: Corporate Office
Job Type: Full time
Job Req code: R0011510
In this role, the Cyber Penetration Tester will be responsible for the day-to-day testing of our IT applications, systems, IoT devices and networks (Red Team). This individual will also work closely with our cyber security team to help improve our cyber defenses, as a result of the knowledge gained thru their testing (Blue Team)
In addition to their pen testing duties, the chosen individual will also participate in our cyber incident response efforts.
It is important to note that this is an internal IT position, working as a full-time member of Global’s Information Security/Cyber Security Team and is not a consulting or professional services role.
This position may qualify for some remote work and will be considered after 90-days of employment
Responsibilities to include:
- Perform white and black box testing of 3rd party developed business applications, web applications, networks, IoT devices and systems using a variety of opensource pen testing tools
- Perform security related testing, creating test cases, performing manual and automated tests, reporting on problems encountered and documenting test results for follow-up
- Analyze security test results, draw conclusions from results and develop targeted testing as deemed necessary, develop automation processes and implement tools and techniques to perform ongoing security assessments of the environment
- Devise creative and custom exploits, solutions, and techniques to discover vulnerabilities and exploitability of the targets
- Execute internal, external, wireless, and web application vulnerability assessments scans to include passive reconnaissance and intel collection
- Execute internal, external, wireless, and web application pen tests
- Execute social engineering tests, including phishing, vishing, and physical
- Participate in the overall enhancement of our cyber defenses
- Knowledge-sharing with the Cyber Security Team on techniques and results, which will be used to drive the continuous improvement of our cyber resiliency
- Create report of findings and provide remedial recommendations after testing is complete
- Stay up-to-date in current tools, techniques, and vulnerabilities to incorporate into testing practices
- 1- 3 year of hands-on experience performing network, application, system and/or IoT offensive pen testing.
- Some hands-on experience with running and reporting from network and application assessment tool suites like ZAP, NMAP, Nessus, Rapid7 Nexpose, OpenVAS, MetaSploit, BurpSuite, Wireshark, Wi-Fi Pineapple, etc.
- Basic experience using the Kali Linux toolkit for pen testing, in addition to other testing tools, such as Mandiant Commando.
- Experience with pen testing in an enterprise environment would be ideal.
- Some offensive testing/Red-team experience, outside of the candidate’s college studies is preferred.
- Should have practical knowledge and experience with Windows and Linux operating systems
- Basic experience in Wireless and Network assessment in enterprise infrastructure
- Familiarity with Amazon Web Services (AWS) and MS Azure infrastructure, computing, and security.
- Experience with at least one (1) common programming or scripting languages such as Perl, Python, Ruby, Java, PHP, etc.
- Familiar with offensive TTPs (Tactics, Techniques and Procedures) including post-exploitation and lateral movement
- Familiar with the fundamentals of web applications including authentication, session management, requests, form submittal, etc.
- Understanding and ability to exploit Cross Site Scripting, SQL injection, and other common vulnerabilities
- Some experience with development of RESTful and SOAP web services preferred
- Basic understanding of application security vulnerabilities and exploits (SANS, CVSS, OWASP, Exploit-DB, etc.)
- Good report writing skills and oral communication skills
- Must be a creative and critical thinker
- Highly motivated, deeply passionate and able to work with little oversight or direction
B.S. in Computer Science, Information / Cyber Security, Computer Systems Engineering, Computer Information Systems or equivalent education and experience required
Ethical hacking certifications such as OSCP, CEH, GIAC GPEN or CREST are highly desirable and will be given preference. This individual will be required to attend formal SANS training to achieve an ethical hacking/Pent Testing certification, as agreed upon with their manager.
We are an equal opportunity employer. We consider applications for all positions without regard to race, color, religion, creed, gender, national origin, age, disability, sexual orientation, citizenship status, genetic information or any other legally protected status.