Job Details

ID #20103870
State Kentucky
City Florence
Job type Contract
Salary USD Depends on Experience
Source DISYS - Digital Intelligence Systems, LLC
Showed 2021-09-23
Date 2021-08-30
Deadline 2021-10-29
Category Et cetera

Vulnerability Assessor/Penetration Tester

Kentucky, Florence, 41042 Florence USA

Vacancy expired!

Position: Vulnerability Assessor/Penetration Tester

Location: Florence Kentucky 41042

Duration: 12 months Contract on W2

Job ID: NEMSJP00153511 & NEMSJP00153513

Job Description

This role is for a Vulnerability Assessor/Penetration Tester who will focus on ATMs and related infrastructure, hardware and applications.

This role is highly technical, and candidates must possess a solid understanding of information security. The tester must understand applications, networking and various operating systems, along with tools and frameworks, and they must maintain a high level of rigor to stay up-to-date with advancements in technology while also retaining knowledge of older systems and applications that may still be in use in the enterprise.

The tester must constantly search for system and application weaknesses to exploit, but they are also expected to maintain a level of professionalism at all times. The position must collaborate with others on the team for remediation and additional validation, as well as contribute to other collaborative approaches driven by the team strategy.

While some automated tools will be leveraged, the tester must realize this is not solely a point-and-click role, but requires hands-on expertise with a variety of tools to simulate attacker tactics, techniques and procedures (TTPs). The tester will participate in visible and announced assessments for new and existing services, infrastructure and applications to help the team identify weaknesses before an attacker does.

Essential Job Duties

Work with teammates to consistently learn and share advanced skills and foster team excellence.
Document and formally report testing initiatives, along with remediation recommendations and validation.
Conduct tactical assessments that require expertise in application security (web and mobile), physical methods, lateral movement, threat analysis, internal and external network architecture and a wide array of commercial and bring-your-own (BYO) products.
Develop and maintain tools and scripts used in penetration-testing team processes.
Train offensive and defensive colleagues on new TTPs and mentor junior teammates.
Regularly research and learn new TTPs in public and closed forums, and work with teammates to assess risk and implement and validate controls as necessary.
Arrange and provide support to business units launching new technology applications and services to verify that new products/offerings are not at risk of compromise or information leakage.
Perform other duties as assigned.

Skills and Experience

At least 3 years' experience in information security administration, offensive tactics, vulnerability assessment and penetration testing, especially as related to ATM and related infrastructure, hardware and applications.
Proficient in scripting languages such as Python, PowerShell, Bash and Ruby. (Scripting language is helpful but NOT required.)
Competent with testing frameworks and tools such as Burp Suite, Metasploit, Cobalt Strike, Kali Linux, Nessus, PowerShell Empire and AutoSploit.
Experience conducting vulnerability assessments and penetration-testing engagements as a consultant or within a previous role in a professional organization.
Strong operating system knowledge across *nix and Windows; proficient with networking protocols.
Familiarity with defensive and monitoring technologies such as intrusion prevention/detection systems (IPS/IDS), security information and event management systems (SIEMs), firewalls, endpoint protection (EPP) and endpoint detection/response (EDR) tools, as well as user and entity behavior analytics (UEBA).
Understanding of OWASP, the MITRE ATT&CK framework and the software development lifecycle (SDLC).

Additional Qualifications

Proven trustworthiness and history of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating well.
Self-starter requiring minimal supervision.
Excellence in communicating business risk and remediation requirements from assessments.
Analytical and problem-solving mindset.
Highly organized and efficient.
Demonstrated strategic and tactical thinking, along with decision-making skills and business acumen.

Education Requirements

Bachelor's degree in computer science (preferred), information assurance, MIS or related field, or equivalent.

Experience Requirements

At least 3 years of related experience required.

Certification Requirements

Preferably, one or more of the following: OSCP, OSCE, GPEN, GWAPT.
