Penetration Tester

Remote
Contracted to Full Time
Experienced
Job Title: Penetration Tester 
Location: Remote in PST, MST or CST
Type: 6 Month Contract to Hire 

Position Overview:

The primary responsibility of the Sr. DevSecOps Engineer – Cyber Security is to act as technical lead in support of technologies that enable the companies’ cyber security goals and objectives, securing the confidentiality, integrity and availability of software and computer information systems. The role will serve as a security engineer for software development, supporting technologies that facilitate security of the software products and services. You will utilize various tools and techniques to identify vulnerabilities and weaknesses in client systems, providing detailed reports and recommendations for remediation. This role requires a deep understanding of cyber security principles, hacking methodologies, and a commitment to staying up-to-date with the latest threats and defense strategies.

Additional key responsibilities of the role include reviewing vulnerabilities identified by application security technologies and processes, providing the true positive results to the appropriate software development teams, and coordinating with those teams to support their triage and remediation efforts for identified, valid vulnerabilities.

Essential Duties & Responsibilities: 
  • Assist in developing a comprehensive security program to support various Software Development Lifecycles (SDLCs) and ensure that such developed software is free of security vulnerabilities.
  • Conducting and leading comprehensive penetration tests on client networks, systems, and applications.
  • Identifying security vulnerabilities, misconfigurations, and weaknesses in target environments.
  • Utilizing automated scanning tools and manual testing techniques to exploit vulnerabilities.
  • Documenting findings, methodologies, and recommendations in clear and concise reports for clients.
  • Evaluate SDLCs and advise on applicable application security technologies and integration points.
  • Implement application security technologies with SDLCs, including integration of technology, workflows, documentation, training, and other functions necessary to enable stakeholder success.
  • Support developer teams in managing day to day cyber security processes pertaining to development of software.
  • Provide technical guidance to developers as it relates to cybersecurity.
  • Ensure the reliable operation of application security technologies that support program objectives.
  • Work with quality assurance teams to ensure that software is sufficiently analyzed by application security technologies and processes.
  • Work with software development teams to help prioritize and validate urgency of mitigation of identified product vulnerabilities and security feature enhancement requests.
  • Perform code analysis of large applications, manually and using SAST and DAST scanning solutions as well as conducting vulnerability analysis.
  • Provide remediation guidance and recommendations to developers and administrators.
  • Support development of incident response exercises that build approaches for responding to use-case-driven alerts and incidents.
  • Perform security configuration reviews of our products to ensure that they are in alignment with company established best practices.
  • Maintaining ethical standards and confidentiality while conducting penetration testing activities.
Minimum Qualifications: 
  • 21 years of age.
  • Proof of authorization to work in the United States.
  • Must be able to obtain and maintain a Nevada Gaming Control Board Registration and any other certification or license, as required by law or policy.
  • Any of the following combinations of education, professional experience, or both:
    • At least 6 years of experience in a relevant DevSecOps role and technical degree in computer / information science; or
    • At least 6 years of related field work experience in Penetration Testing and / or Cloud Security, at least 2 years of which in a software development role, and at least 2 years of which in a cyber security role and technical degree in computer / information science; or
    • At least 10 years of relevant field experience in Penetration Testing and / or Cloud Security, at least 2 years of which in a software development role, and at least 2 years of which in a cyber security role.
  • A strong understanding of cybersecurity fundamentals relating to software development.
  • Experience developing software utilizing at least two of the following coding languages: C#, GoLang, .NET, NodeJS, Java, C++, PHP, Python, or others.
  • Proven experience in conducting penetration tests and security assessments across a variety of environments.
  • Advanced proficiency with penetration testing tools such as Metasploit, Nmap, Burp Suite, and Wireshark.
  • Relevant certifications such as Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), or GIAC Penetration Tester (GPEN) are required (at least one).
  • Demonstrated experience working with technical and non-technical staff.
  • Strong collaboration and communication skills.
  • Basic knowledge of a broad range of IT Security, Controls and Service Delivery standards and frameworks, for example: International Standards Organization (ISO) 27001, IT Infrastructure Library (ITIL), Control Objectives for IT (CoBIT)
  • Experience with CSP infrastructure, such as that on Amazon Web Services (AWS), Google Cloud Platform (GCP), or Microsoft Azure Cloud
  • Experience with at least three of the following technology spaces (more is preferred): SAST, SCA, DAST, IAST, Fuzz Testing, ASPM, Threat Modeling, and similar.
  • Experience validating software development processes meet cybersecurity requirements.
  • Experience analyzing code for weaknesses and errors and overseeing plans to improve code.
  • Safety, consistency in schedule, and regular attendance are essential functions of this job.
  • Provide off-hours support on an infrequent, but as needed basis. (Potential shifts may run 24/7 due to the need of the business).
  • On an infrequent, but as needed basis, must be able to work varied shifts, including nights, weekends, and holidays.
  • Willingness to perform other related duties as assigned.
Additional Experience Preferred: 
  • Professional certification in both cybersecurity and software development preferred.
  • Experience as an application or product security engineer.
  • Experience in software development of enterprise applications.
  • Experience in a technical consulting/professional services role, preferably in cyber security, or software development.
  • Proficiency with multiple front-end, back-end, and scripting programming languages and demonstrated ability to become proficient with new programming languages and technologies.
  • Strong familiarity with common vulnerabilities and attack vectors.
  • Knowledge of web service technologies, load balancer services (e.g., Nginx, Cloudflare, F5) and RESTful APIs.
  • Knowledge of ubiquitous encryption technologies (PGP, SSH, SSL, etc.) and common authentication protocols (OpenID Connect, OAUTH, SAML, RADIUS, LDAP, KERBEROS, etc.).
  • Solid understanding of secure network and system design in both cloud (AWS, Azure, etc.) and conventional environments.