CSI is looking for a Penetration Tester to join our team on an upcoming Security and Privacy Assessment project in the non-profit telecommunications industry. The Pen Tester's work will complement the project's risk assessments by providing ongoing, hands-on testing of the same systems for exploitable technical weaknesses.
Responsibilities Include:
Penetration Testing:
- Conduct annual penetration testing of IT systems.
- Conduct ad hoc penetration testing as assigned for targeted applications or subsystems, or in response to emerging threats.
- Conduct penetration testing in support of Authority to Operate (ATO)-oriented assessments and ISPCM-oriented assessments.
Vulnerability Assessment:
- Analyze and assess potential security risks and vulnerabilities.
- Conduct vulnerability scans and risk assessments on a variety of platforms.
Reporting and Documentation:
- Document and report findings with clear and actionable recommendations.
- Prepare detailed penetration testing reports and executive summaries.
Security Recommendations:
- Provide expert guidance on remediation strategies to mitigate identified vulnerabilities.
- Collaborate with IT and development teams to implement security improvements.
Security Research:
- Stay updated with the latest security trends, threats, and technology developments.
- Research new attack vectors and develop new testing methodologies.
Compliance and Best Practices:
- Support compliance with industry standards and regulations (e.g., PCI DSS, GDPR, HIPAA).
- Advocate for security best practices across the organization.
- Test web applications against the OWASP Top Ten risk categories.
Training and Mentorship:
- Mentor junior penetration testers and provide training to staff on security awareness.
- Conduct workshops and training sessions to promote security knowledge.
Certifications:
- Must have and maintain at least one of the following current certifications: GIAC Penetration Tester ("GPEN"), Certified Ethical Hacker ("CEH"), CompTIA PenTest+, or Licensed Penetration Tester Master ("LPT").
Experience:
- Minimum of 5 years of professional experience in penetration testing and ethical hacking.
- Proven track record of conducting successful penetration tests.
Technical Skills:
- Proficiency in using penetration testing tools (e.g., Burp Suite, Metasploit, Nmap).
- Strong understanding of network protocols, operating systems, and web application security.
- Experience with scripting languages (e.g., Python, Bash) for automation of tasks.
- Knowledge of various security frameworks and standards (e.g., OWASP, NIST).
Soft Skills:
- Excellent problem-solving skills and analytical thinking.
- Strong communication skills, both written and verbal.
- Ability to work independently and as part of a team.
Preferred Qualifications:
- Experience in a similar role within a large enterprise or consulting environment.
- Familiarity with cloud security testing (e.g., AWS, Azure).
- Experience with mobile application security testing.
- Advanced knowledge of social engineering techniques.
- Experience developing penetration testing documents, such as scoping documents, rules of engagement (ROE), and reports.
- Proficiency in Python programming.
- Experience in leading internal and external pen tests.
- Experience in all phases of the Penetration Testing Process.
- Experience with a broad range of pen testing tools (Nmap, Burp Suite, curl, wget, Nessus, Nikto, sqlmap, etc.).
- Experience with database scanning tools.
- Experience with web application scanning tools.
- Experience with phishing tools.
- The ability to write compelling documentation.