Penetration Tester Specialist - Red Team

GENERAL DUTIES & RESPONSIBILITIES
• Exploits information security vulnerabilities and security misconfigurations to achieve the highest level of security access possible.
• Records high level details of the penetration testing process from note taking during procedure to consolidated deliverable reporting.
• Assesses and calculates risk based on vulnerabilities and exposure discovered during testing.
• Performs validation testing of security vulnerabilities that have been remediated and provide evidence for correction and closure.
• Develops and maintains penetration testing procedures and methodologies for departmental use.
• Collaborates with cybersecurity teams to maintain the company’s information security policies and procedures.
• Researches and experiments with new threat vectors and develops Proof of Concept code and attacks.
• Develops new tools to achieve exploitation that reveals security weaknesses.
• Debriefs technical and non-technical audiences on the threat assessment reports that outline penetration test findings.
• Other related duties assigned as needed.
EDUCATION REQUIREMENTS
Bachelor’s degree in Computer Science, Cyber Security, or the equivalent, and/or 5 years’ experience in the information security industry. One or more relevant professional certifications such as (OSCP) Offensive Security Certified Professional, (GPEN) GIAC Penetration Tester, (OSWE) Offensive Security Web Expert, (GWAPT) GIAC Web Application Penetration Tester.
GENERAL KNOWLEDGE, SKILLS & ABILITIES
• Strong understanding of various web technologies and testing methodologies
• Demonstrates and ability to methodically analyze problems, identify solutions, and communicate to a non-technical audience
• Excellent communication skills including the ability to render concise reports, summaries, and formal presentations
• Must have experience and be very proficient with the common tools associated with penetration testing (Metasploit, Burp Suite, Cobalt Strike, etc.)
• Sound knowledge of OWASP Top 10 and other security standards
• Demonstrate knowledge of tactics, techniques, and procedures associated with malicious insider activity, organized crime/fraud groups and both state and non-state sponsored threat actors.
• Must be able to both work independently as well as effectively work in teams with individuals with a variety of skills and backgrounds.
• Expertise in at least one related functional area: Network Security, Reverse Engineering, Programming, Databases, Mainframes, Web Applications, etc.
• Must have one or more of the following:
Applications/System development experience
Linux and Windows in-depth proficiency
Familiarity with XML, SOAP, and AJAX
Proficient with programming/scripting languages

FIS JOB LEVEL DESCRIPTION
Expert career role individual contributor role. Highly experienced professional with broad experience and unique knowledge. Able to act independently to resolve highly complex problems. Is regarded as a leader and expert in their field. May coordinate and guide the work of others. Barriers to entry, senior management review required. Requires 7 years of experience in Penetration Testing and has demonstrated mastery in multiple disciplines (Mobile, Application, Network, Red Team). Achieved professional certifications that require hands-on, practical examinations. Mentors junior members of the team.

Privacy Statement

FIS is committed to protecting the privacy and security of all personal information that we process in order to provide services to our clients. For specific information on how FIS protects personal information online, please see the Online Privacy Notice.

Sourcing Model

Recruitment at FIS works primarily on a direct sourcing model; a relatively small portion of our hiring is through recruitment agencies. FIS does not accept resumes from recruitment agencies which are not on the preferred supplier list and is not responsible for any related fees for resumes submitted to job postings, our employees, or any other part of our company.

#pridepass