Penetration Tester

Cyber Security Innovations
Full-time
On-site
Washington, District of Columbia, United States
$120,000 - $150,000 USD yearly

CSI is looking for a Penetration Tester to join our team on an upcoming Security and Privacy Assessment project in the non-profit telecommunications industry. The Pen Tester's work will complement risk assessments of the same systems, serving as an ongoing defense against technical security threats that exploit weaknesses.

Responsibilities Include:

  • Penetration Testing:
    • Conduct annual penetration testing of IT Systems.
    • Ad hoc penetration testing as assigned for targeted applications, subsystems, or in response to emerging threats.
    • Penetration testing for ATO-oriented assessments and ISPCM-oriented assessments.
  • Vulnerability Assessment:
    • Analyze and assess potential security risks and vulnerabilities.
    • Conduct vulnerability scans and risk assessments on a variety of platforms.
  • Reporting and Documentation:
    • Document and report findings with clear and actionable recommendations.
    • Prepare detailed penetration testing reports and executive summaries.
  • Security Recommendations:
    • Provide expert guidance on remediation strategies to mitigate identified vulnerabilities.
    • Collaborate with IT and development teams to implement security improvements.
  • Security Research:
    • Stay updated with the latest security trends, threats, and technology developments.
    • Research new attack vectors and develop new testing methodologies.
  • Compliance and Best Practices:
    • Ensure compliance with industry standards and regulations (e.g., PCI-DSS, GDPR, HIPAA).
    • Advocate for security best practices across the organization.
    • Perform testing for the OWASP Top Ten.
  • Training and Mentorship:
    • Mentor junior penetration testers and provide training to staff on security awareness.
    • Conduct workshops and training sessions to promote security knowledge.

  • Certifications:
    • Must have and maintain at least one of the following current certifications: GIAC Penetration Tester ("GPEN"), Certified Ethical Hacker ("CEH"), CompTIA PenTest+, or Licensed Penetration Tester Master ("LPT").
  • Experience:
    • Minimum of 5 years of professional experience in penetration testing and ethical hacking.
    • Proven track record of conducting successful penetration tests.
  • Technical Skills:
    • Proficiency in using penetration testing tools (e.g., Burp Suite, Metasploit, Nmap).
    • Strong understanding of network protocols, operating systems, and web application security.
    • Experience with scripting languages (e.g., Python, Bash) for automation of tasks.
    • Knowledge of various security frameworks and standards (e.g., OWASP, NIST).
  • Soft Skills:
    • Excellent problem-solving skills and analytical thinking.
    • Strong communication skills, both written and verbal.
    • Ability to work independently and as part of a team.

Preferred Qualifications:

  • Experience in a similar role within a large enterprise or consulting environment.
  • Familiarity with cloud security testing (e.g., AWS, Azure).
  • Experience with mobile application security testing.
  • Advanced knowledge of social engineering techniques.
  • Experience developing Penetration Testing documents, such as scoping documents, ROE, and reports.
  • Proficiency in Python programming.
  • Experience in leading internal and external pen tests.
  • Experience in all phases of the Penetration Testing Process.
  • Experience with numerous pen testing tools (Nmap, Burp, curl, wget, Nessus, Nikto, sqlmap, etc.).
  • Experience with database scanning tools.
  • Experience with web application scanning tools.
  • Experience with phishing tools.
  • The ability to write compelling documentation.