Penetration Test Engineer - Senior (R-00004)
100% Remote
True Zero Technologies
True Zero specializes in creating cybersecurity programs and software solutions that enable agency leaders to run a proactive defense, with better intelligence and more efficient collaboration.True Zero Technologies is looking for qualified candidates to fulfill the role of Senior Penetration Test Engineer Job Description As a Senior Penetration Testing Engineer, you will possess solid industry experience in the public sector and/or commercial spaces; relevant technical certifications; and, proven experience designing, configuring, and conducting a variety of penetration testing situations and scenarios focused on cybersecurity and technology assets and networks. You will have experience packaging, presenting, remediating, and escalating penetration testing results, plans, and actions to appropriate related teams and stakeholders. This position requires strong technical, communications, and problem-solving skills, and the ability to engage and interact with numerous teams. The ideal candidate will have a passion for cybersecurity, the ability to think outside of the box, and be attentive to detail. Candidates should possess the following qualifications and be able to demonstrate deep competency in most of the requirements listed below:
Qualifications / Requirements
- Minimum 5+ years’ experience in a cybersecurity, technology, and/or network penetration testing role, conducting penetration tests or red-team assessments
- US citizenship required, and candidates must be willing to be submitted for a US Government background investigation
- Experience using common penetration testing tools such as Metasploit Framework and Burp Suite Pro
- Experience using and exploiting operating systems including Windows and Linux
- Experience with advanced exploitation methods or exploitation development
- Experience conducting cyber operations and exploitation
- Understanding of common scripting languages
- Familiarity with Security Content Automation Protocols (SCAP), Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSS), Common Weakness Enumeration (CWE), or Common Platform Enumeration (CPE)
- Understanding of US Government Configuration Baseline (USGCB), Security Technical Implementation Guides (STIGs), NSA Guides, National Checklist Program (NCP) or Common Secure configurations
- Excellent written and verbal communication skills, demonstrating the ability to effectively convey technical information to both technical and non-technical audiences
- Experience with a variety of testing use cases including, but not limited to external, internal, social media, cloud providers environments, application toolkits and development, SCADA environments, operational environments, wired and wireless networks, etc.
- Education: Bachelor’s Degree in Cybersecurity or related field preferred
- Offensive Security Certified Professional (OSCP)
- Offensive Security Certified Expert (OSCE)
- Offensive Security Wireless Professional (OSWP)
- Offensive Security Web Expert (OSWE)
- Certified Ethical Hacker (CEH)
- EC-Council Certified Security Analyst (ECSA)
- Certified Ethical Hacker (CEH) Practical
- EC-Council Certified Security Analyst (ECSA) Practical
- Licensed Penetration Tester (LPT) Master
- Certified Information Systems Security Professional (CISSP)
- CompTIA PenTest+
- GIAC Certified Incident Handler (GCIH)
- GIAC Penetration Tester (GPEN)
- GIAC Web Application Penetration Tester (GWAPT)
- GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- GIAC Assessing and Auditing Wireless Networks (GAWN)
Possess three or more of the following:
Responsibilities
- Conduct web application, mobile application, phishing, network, wireless, and operational technology penetration tests
- Conduct security assessments of cloud environments and application source code review
- Conduct penetration tests in accordance with standard methodologies (i.e. OWASP, NIST, PTES)
- Use common penetration testing and red-team tools, tactics, techniques, and procedures
- Utilize custom penetration testing tools, frameworks, and infrastructure
- Assess risk of discovered vulnerabilities based on likelihood and severity of exploitation
- Deliver technical reports on detailed findings and vulnerability remediation recommendations
- Collaborate with clients throughout an assessment on status and vulnerability information
- Coach and mentor penetration testing team experts
- Provide professional development and human resources management of the team
- Participate in business financial management of the penetration team
- Competitive salary, paid twice per month- Best in class medical coverage- 100% of medical premiums covered by True Zero- Company wide new business incentive programs- Contribution Incentives (i.e. white papers, blog posts, internal webinars, etc.)- 3 weeks of PTO starting + 11 Paid Holidays Annually- 401k Program with 100% company match on the first 4%- Monthly reimbursement of Cell Phone and Home Internet costs- Paternity/Maternity Leave- Investment in training and certifications to broaden and deepen your technical skills
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Audits Automation Burp Suite CEH CISSP Cloud CompTIA CVSS ECSA Exploit GCIH GIAC GPEN GWAPT GXPN Linux Metasploit NIST Offensive security OSCE OSCP OSWE OSWP OWASP Pentesting SCADA SCAP Scripting Security assessment STIGs Vulnerabilities Windows
Perks/benefits: 401(k) matching Career development Competitive pay Health care Medical leave
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.