Penetration Tester
Company | AAA Club Alliance |
---|---|
Location | New Mexico, USA, Washington, USA, Kansas, USA, Pennsylvania, USA, Oregon, USA, Delaware, USA, Iowa, USA, Washington, DC, USA, Texas, USA, Montana, USA, Jackson Township, NJ, USA, Florida, USA, Waterbury, CT, USA, South Carolina, USA, South Dakota, USA, Georgia, USA, Arizona, USA, Concord, NH, USA, Mississippi, USA, Tennessee, USA, Virginia, USA, Arkansas, USA, Minnesota, USA, Colorado, USA, Nebraska, USA, Rhode Island, USA, Utah, USA, Kentucky, USA, West Virginia, USA, New York, NY, USA, Maryland, USA, Wisconsin, USA, Maine, USA, Massachusetts, USA, North Carolina, USA, Missouri, USA, Ohio, USA, Indiana, USA, Louisiana, USA, Michigan, USA, Illinois, USA, Alabama, USA, Idaho, USA |
Salary | $110520 – $164000 |
Type | Full-Time |
Degrees | Bachelor’s |
Experience Level | Senior |
Requirements
- Bachelor’s degree (in Information Technology or a related discipline) or equivalent experience
- 6 or more years of Information Technology and Security experience
- 5 or more years of hands-on penetration testing experience related to infrastructure and web applications
- 2 or more years of hands-on experience with breach and attack simulation tools
- Proficient knowledge of web development, including but not limited to Ruby, advanced JavaScript libraries (React, Angular, Knockout), Node.js, jQuery, Object-Oriented Design, Web Services (REST/SOAP)
- Professional experience with any of the following: Java, .NET, AWS, Functional programming, SQL, MongoDB, CouchDB, Neo4J, Hadoop, Cassandra, DynamoDB, ElasticSearch, Solr
- Expert knowledge of OWASP Top 10 and ability to articulate web security risks
- Experience with MITRE ATT&CK framework and adversary tactics, techniques and procedures
- Solid understanding of penetration testing standards and process, including the development of documentation such as rules of engagement, scope, and remediation reports
- Familiarity with Information Security risk ranking scales and derivation
- Broad knowledge of IT Security technologies and a solid understanding of architecture, design, deployment and management of information systems
- Experience testing solutions deployed in a public cloud environment (IaaS, PaaS, SaaS)
- Recent experience with Agile development/Scrum teams and operating in a Kanban model
- Direct experience with common change management procedures and platforms
- Solid understanding of TCP/IP, DNS, HTTP, HTTPS, VPN, SQL and other database technologies
- CISSP, CEH, OSCP, GWAPT, GPEN, or other penetration testing and security-related certifications are highly desired.
Responsibilities
- Conduct infrastructure, web application, API, and mobile application penetration testing.
- Develop, document and administer the entire penetration testing lifecycle during engagements.
- Conduct breach and attack simulation operations against CSAA systems to identify gaps in prevention, detection, or response.
- Research, develop, and apply TTPs of relevant threat actors to simulated attack scenarios.
- Provide subject matter expertise on the remediation of discovered vulnerabilities and gaps in security response.
- Leverage threat intelligence to hunt for indicators of compromise and vulnerabilities.
- Develop, deploy, manage and improve breach and attack simulation tools and related processes.
- Design, develop and manage red and blue team exercises and processes contributing to purple team evaluation and response.
- Provide team guidance and mentoring as a subject matter expert in purple team activities.
Preferred Qualifications
- Actively shapes our company culture (e.g., participating in employee resource groups, volunteering, etc.)
- Lives into cultural norms (e.g., willing to have cameras on when it matters: helping onboard new team members, building relationships, etc.)
- Travels as needed for role, including divisional / team meetings and other in-person meetings
- Fulfills business needs, which may include investing extra time, helping other teams, etc.