Previous Job
Penetration Tester
Ref No.: 18-00036
Location: Massachusetts

Penetration Tester

As a Penetration Tester, you will be responsible for evaluating the security of our client's infrastructure by identifying and remediating security flaws across systems, web applications, and mobile platforms. You will continuously assess and exploit vulnerabilities to mitigate cyber threats.
  • Develop penetration testing tactics, techniques and procedures and performs penetration tests against various systems which may include web applications, databases, web services, networks, operating systems and network devices
  • Interpret the identified vulnerabilities, remove false positives and provide a detailed report, with risk, impact, recommendations to remediate the risk
  • Create step by step instructions for reproducing identified issues
  • Provide knowledge sharing with Cyber Security team peers via formal and informal training events, brown bag sessions and web based demos
  • Continually improve red team abilities and value to internal customers
  • Act as a cyber-security evangelist to educate fellow IT team members on cyber security best practices / secure coding standards
  • Document your methodologies
  • Analyze the outcomes and make recommendations for security improvements
  • Work with Developers and QA to build security into test plans
Job Requirements:
  • Penetration testing experience of systems, web-based applications and networks
  • Cyber security experience
  • Solid knowledge and experience of using a variety of penetration testing or threat modelling tools including open source and commercial mapping
  • Experience of threat reporting and assessing vulnerabilities
  • Some consulting experience is advantageous with a proven ability to understand and meet client needs, build relationships and develop a positive dialogue
  • Adept at explaining technical jargon to non-technical parties
  • Scripting skills and reverse engineering experience is desirable
  • Past experience of using problem solving techniques and developing solutions to meet vulnerability threats
  • 3+ years of professional penetration testing experience

  • Flexibility to change direction and manage conflicting demands
  • Outstanding organizational and data analytics skills
  • Comfortable working in a fast-paced environment
  • Ability to explain findings to non-technical professionals
  • Excellent report writing and presentation skills
  • Project planning skills
  • A solid understanding of ethical hacking
  • Solid technical skills in both information security architecture and penetration testing
  • Understanding of the OWASP standards
  • Manual Application testing
Tools / Other:
  • Aircrack-ng
  • PowerShell
  • Burp Suite Pro
  • Zap Proxy
  • Metasploit
  • Veracode
  • Nexpose / InsightVM
Recognized security testing certifications, such as:
  • CEH: Certified Ethical Hacker
  • CPT: Certified Penetration Tester
  • CEPT: Certified Expert Penetration Tester
  • GPEN: GIAC Certified Penetration Tester
  • OSCP: Offensive Security Certified Professional
  • Certified Register of Ethical Security Testers (CREST)