Penetration Tester
Ref No.: 21-00040
Location: Hanover, Maryland
Are you passionate about technology? Join our growing team! AboutWeb, an award-winning IT solutions company, has been providing excellence in product development, application design, and cybersecurity solutions since 1998. We are a diverse blend of engineers, developers, and cybersecurity professionals, providing cutting-edge solutions to real-world issues and solving problems for clients.
AboutWeb is a subsidiary of Penacity, LLC.


We are currently looking for contracted Penetration Testers for multiple clients.
Position is remote and/or on-site at a client facility.


Duties and Responsibilities
The duties of a penetration tester at Penacity, LLC vary based on customer requirements. However, there are several core tasks that are common to all penetration tester roles at Penacity.
  • Conducting tests on networks and applications: You must design tests to break into security-protected networks, computer systems and web-based applications to look for vulnerabilities.
  • Physical security assessments: You must conduct physical assessments of server systems and network device security. In these physical assessments, you look for ways to exploit vulnerabilities and design solutions to security issues such as temperature, vandalism, humidity, and natural disasters.
  • Conducting security audits: You will conduct security and network audits to evaluate how well an organization's system conforms to a set of established criteria. This will help you to pinpoint ways that attackers could exploit weaknesses in security systems.
  • Analyzing security policies: Organizations enforce security policies that identify procedures and rules for accessing and using their IT resources. Your job will be to analyze these policies for effectiveness, make suggestions for improvements, and work to enhance methodological material.
  • Writing security assessment reports: After conducting your research and tests, you will have to document your findings, write security reports, and discuss solutions with IT and management teams and executive stakeholders.
Functional Responsibilities:
The Penetration Testing Analyst (PTA) may perform any or all of the following:
  • Conduct vulnerability assessments; carry out penetration tests
  • Perform social engineering tests; analyze technical security weaknesses
  • Perform risk analyses; develop exploits
  • Research and maintain proficiency in tools, techniques, countermeasures, and trends in computer and network vulnerabilities, data hiding and encryption.
  • Develop tools, techniques, training and countermeasures for computer and network vulnerabilities, data hiding and encryption

Qualifications
Penacity does have entry-level opportunities available and is willing to provide training, guidance, and tools for entry-level professionals. All senior Penetration Testers will require one of the following certifications to lead or conduct tests unsupervised:
  • OSWP (Required for Wireless Pen Testing)
  • SANS GIAC
  • EC-Council LPT
  • CompTIA Pentest+
All pen testers will have excellent written and oral communication skills. Critical thinking is required to creatively navigate barriers during testing. Strong analytical skills are required for report compilation and assessment summarization to stakeholders.
Skills and work experience
Demonstration of relevant work experience is required. Penacity is on the lookout for pen testers with advanced computer skills and an understanding of networking. Penacity expects candidates to have the knowledge to use these skills to ethically hack into systems and to keep up to date with security software packages.
Penacity is looking for scripting and programming skills because many penetration tester roles require knowledge of specific programming languages or operating systems. Data analytics skills are also a must because you need to review data and analyze the processes needed to accurately correct security issues and threats.
Candidates need to have excellent written and oral communication skills as they will be writing reports about security systems for other teams (such as management or IT) to see and use.
Finally, problem solving skills are also key as the candidate will need to be able to protect networks from unexpected and potentially serious risks. This means candidates must think outside the box and work to resolve threats quickly.
Software and programs used
  • Penetration testers must be familiar with several of the following programming languages:
    • Shell Code
    • Go Lang
  • Candidates will need in-depth knowledge of the following security assessment tools
    • Burp Suite
    • Nessus Pro
    • Kali Linux
    • Cobalt Strike
  • Candidates are required to know one or more of the following security frameworks
  • Candidates need in-depth knowledge of the following operating systems

Requirements:
  • Software Development, Networking, and/or Systems Administrator Experience
  • Deep understanding of 3-tiered Web Application and Mobile Application Architectures
  • Manual Penetration Testing Experience (i.e. mapping applications, injecting SQLi, XSS, XXE, exploit creation)
  • Must have Commercial Web Application Tool Experience (i.e. BurpSuite, AppScan, WebInspect)
  • Network Penetration Testing Tool Experience (i.e. Nmap, Nessus, Wireshark, Metasploit, Hydra, John)
  • Exceptional communication skills, with the ability to explain the technical details of OWASP Top 10 and other vulnerabilities to audiences ranging from C-levels to developers in a large professional environment
  • Strong technical background and understanding of system architecture and design, operating systems, network infrastructure, software installation on test platforms, software development, and databases
  • Web Services Security Penetration Testing

Other/Preferred Qualifications:
  • Active Secret Clearance


If you are interested in applying for this job, or if you know someone who is (we offer referral bonuses), please get in touch with us at careers@aboutweb.com.
