Lead Penetration Tester - Randstad (Texas)

Lead Penetration Tester

job details:

+ location: Texas City, TX

+ salary: $66 - $76 per hour

+ date posted: Friday, June 11, 2021

+ job type: Temp to Perm

+ industry: Public Administration

+ reference: 847064

job description

Lead Penetration Tester

job summary:

PRIMARY DUTIES AND RESPONSIBILITIES:

- Be able to handle the most dynamic and challenging scenarios encountered by the program and assist other analysts by providing direction and guidance when necessary.

- Perform vulnerability metrics reporting: ad hoc and scheduled metrics reports for various KPIs around vulnerability management activities.

- Perform in-depth analysis of red team engagement results and provide a detailed report that describes findings, exploitation procedures, risks and recommendations.

- Identify and exploit security vulnerabilities in a wide array of solutions in a variety of situations.

- Execute penetration testing projects using the established methodology, tools and rules of engagement.

- Design security test cases with the intent to exploit security-protected applications

- Respond to questions from stakeholders about security assessment reports.

- Collaborate with support groups/stakeholders on details about identified vulnerabilities.

- Make recommendations on how we can improve application and network security assessment processes (Security tools, automation, delivery)

- Analyze business policies for effectiveness, make suggestions on security policy improvements, and enhance security testing methodology material.

- Stay up to date on the latest vulnerabilities and their potential impact on the AmerisourceBergen environment; as new vulnerabilities are released, stay on top of information related to them and how they may impact AmerisourceBergen.

- Test application code-level vulnerabilities using penetration testing methodologies.

- Maintain day-to-day relationship with security and services partners

- Develop security solutions for critical and/or highly complex assignments.

- Develop remediation strategies and risk responses associated with the protection of infrastructure and information assets.

- Ability to work independently, taking initiative, and as part of a team participating in a collaborative effort for a common goal.

- Mentors less-experienced team members.

EXPERIENCE AND EDUCATIONAL REQUIREMENTS:

- Bachelor's Degree in Computer Science, CyberSecurity or other related field, or equivalent work experience.

- Experience in application and network security testing

- Typically requires at least 8 years of combined IT and security work experience with a broad range of exposure to systems analysis, application development, systems administration and over 5 years' experience in conducting penetration testing.

- Requires any of the following security certification(s): Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), eLearnSecurity Web application Penetration Tester (eWPT), or other equivalent recognized security certifications (OSCP & eWPT are a major plus).

- Familiarity with any of the following programming languages (such as SQL, C++, JavaScript, Ruby, .NET, Java, Apex, ABAP, and Python)

- Working knowledge of open-source security tools (Burp, Nmap, sslscan, sqlmap, Nikto, Metasploit, etc.) and COTS (WebInspect, Fortify, Qualys, Tanium)

- Familiar with OWASP Top 10 Methodologies

- Familiar with SANS Top 25 controls

- Familiar with Penetration Testing Standards

- Familiar with MITRE ATT&CK framework

MINIMUM SKILLS, KNOWLEDGE AND ABILITY REQUIREMENTS:

- Great attitude to help, learn and grow; excitement is always welcome

- Experience applying structured analytical methodologies in an effort to solve complex security engagements

- Experience with Red and Blue teaming or equivalent

- Solid understanding of vulnerabilities reported and the ability to conduct impact analysis of security threats

- Familiarity with latest security vulnerabilities, advisories, incidents, penetration techniques, attack vectors, and countermeasures.

- Demonstrated sound understanding of at least 3 of the following standards such as ISO 27001/27002, COBIT, ITIL, NIST, HIPAA, SOX and PCI

- Ability to lead and provide direction to project teams

- Strong consultative skills; ability to interface effectively with technical and non-technical leaders.

- Understands Information Security as it relates to the business and other areas of IT; understands direct impacts and risks.

job type: Contract

salary: $66 - 76 per hour

work hours: 8am to 4pm

education: Bachelors

qualifications:

+ Experience level: Experienced

+ Minimum 8 years of experience

+ Education: Bachelors

skills:

+ SECURITY

Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.


