The Sr. Penetration Tester is part of the Security Operations organization and participates in the attack surface reduction of global computing assets. The Sr. Penetration Tester is responsible for security testing of Client technology, coordination with stakeholders regarding their findings and completion of day to day tasks associated with penetration test program. The Sr. Penetration Tester shall take the technical lead on web application, mobile application and red team engagements.
· Conduct initial penetration test scoping/kickoff meetings with business stakeholders.
· Lead web application, mobile, web service and network penetration testing within the designated scope and rules of engagement.
· Lead regular meetings with business stakeholders to ensure remediation efforts adhere to corporate standards and policies.
· Provide analysis of remediation actions taken, opportunities for improvement and blockers.
· Provide mentoring and training to junior members of the penetration testing team.
· Perform required audit-related tasks from internal audit, SOX and PCI activities.
· Interface with other CIS organizations such as Governance, Risk and Threat Intelligence to report on program status and coordinate risk tracking.
· Maintain and compose operational process documentation regarding program execution.
· Maintain and grow penetration testing tool suites through the use of commercial and open source products.
· Lead and organize red team activities, with appropriate coordination with blue team resources.
· Bachelor's degree in Computer Science, Information Technology, Cyber Security, or related discipline or equivalent experience.
· 5+ years of IT professional experience.
· Strong understanding of a variety of technical concepts such as: Application development, networking, systems administration, and information security practices.
· Strong Web Application development, security flaw and remediation technical understanding.
· Experience with data analytics with the ability to provide qualitative analysis and recommendations.
· Strong verbal and written communication skills.
· Strong organizational and/or project management skills.
· Ability to develop strong working relationships with a variety of other enabling teams.
· Strong attention to detail, data accuracy, and data analysis.
· Self-motivated and operates with a high sense of urgency and a high level of integrity.
· Certifications such as GIAC Web Application Penetration Testing (GWAPT), Offensive Security Certified Professional (OSCP) or GIAC Penetration Testing (GPEN) are strongly preferred.
· Previous experience working in large-scale environments with diverse technologies.
· Experience and knowledge of performing security tasks within AWS or Azure cloud environments.
· Ability to automate technical tasks through use of API or scripting.
Demonstrated technical experience with:
· Technical administration of Vulnerability or Secure Code solutions such as Metasploit, Burp, ADB, Rapid7 Nexpose, Qualys, WhiteHat, Microfocus Fortify & WebInspect, Veracode, AppSpider
· Windows Servers, Desktops, Laptops
· UNIX Servers (Solaris, Red Hat Enterprise)
· Network Switching and Routing (Cisco, Juniper)
· Familiarity with TCP/IP and associated protocols.