
Penetration Tester

Collabera Dallas Full-Time
$60.00 - $80.00 / hour

See below for details!

  • Their red team is full right now, so these 2 additional resources will be on the “white team”. The white team is more focused on component-level testing versus trying to take preventative measures before an attack occurs
  • This is a vulnerability assessment tester focused solely on manual assessments. If they are just “hitting a button” to run a scan/test, this is not the correct role. If they have hundreds of scans done in the last 2 years, they most likely are not doing manual assessments because 1 assessment can take up to 7-10 days.
  • Andrew needs to see actual experience doing the testing in the resume, not just one line that says “did pen testing”. It needs to have been their sole responsibility for at least 2 years
  • One of these two testers must have experience testing cloud components, preferably Azure but open to AWS or other cloud environments.
  • Currently his team is 20 people, 6 people are white team testers, 4 are red team, and the other 10 are a mix of different skills.

Questions to Screen Out Candidates:

  • For each technology, how many manual vulnerability assessments have you completed over the last 2 years and what is the most common tool used during the assessment? Web Application, SAP Application, Cloud Application, Mobile Application, Infrastructure
  • What is the coolest exploit you have found?
  • What is your favorite nmap parameter and why?

***If they have done 20-30 web app manual assessments, he is comfortable with 1-2 years of experience in pen testing

Job Description:

Candidate should have all of the following technical and professional characteristics as well:

  • Min 6 years of experience penetration/vulnerability testing for web and thick-client applications in an enterprise environment
  • Strong understanding of web technologies, e.g. HTTP, HTML, CSS, Forms, Database Connectivity, etc.
  • Understanding of compliance and regulatory requirements such as PCI DSS, SOX, HIPAA, etc.
  • Full grasp and ability to articulate and/or train others on the “OWASP Top 10” and related concepts
  • Minimum 6 years of experience with programming and/or scripting in one or more of the following languages: .NET, Java, PHP, Ruby, Perl, Bash, or similar language
  • Minimum 6 years of experience with SQL, including a strong understanding of SQL syntax and the ability to perform basic management of MS SQL databases
  • Ability to perform manual web application vulnerability assessments without the use of automated tools such as web application scanners
  • Ability to capture and analyze network traffic at all seven layers of the OSI model, including ability to discern whether said network traffic contains vulnerabilities and/or sensitive data
  • Have a solid grasp of core security fundamentals and concepts, including knowing one’s system, defense in depth, the principle of least privilege, access control, encryption and cryptography, security architecture and design, business continuity and disaster recovery, etc.
  • Minimum 6 years of experience with enterprise-level security control implementations, including Network Intrusion Detection/Prevention (NIDS/NIPS), Corporate Antivirus, Enterprise Web Filtering, Data Loss Prevention, Insider-threat Mitigation, Botnet Detection, etc., as well as demonstrable knowledge of the principles and techniques used to bypass said controls.
  • Ability to create extremely high quality written reports containing the findings from web and thick-client vulnerability assessments, as well as the ability to articulate those findings to peer technical staff as well as various levels of management
  • Preference is for candidates with two or more of the following certifications: GSEC, GWAPT, CISSP, GPEN, GXPEN, CISA, CISM, OSCP, OSCE


Recommended skills

Vulnerability Assessment
Cryptography
Open Web Application Security
Vulnerability
Access Controls
Pci Data Security Standards

Job ID: 221228
