Lead Penetration Tester

Role: Lead Penetration Tester

Synonymous Business Title: Security & Compliance Program Manager – Cloud

Location: Dallas, TX or Scottsdale, AZ – works remotely

Overview

Blue Yonder is seeking a Lead Penetration Tester who would be responsible for leading and conducting penetration test activities against our private and public network, etc. As needed, this candidate will also conduct a Penetration Test for the customer environments. This member will play a key role in evolving our Red Team. This role will be a senior role and someone with strong experience is preferred. 

The candidate will work with leading Pen Test vendors to create SOWs and engage penetration testing activities as needed. The candidate would also create a solid internal penetration testing program to determine the security posture of the organization and provide meaningful feedback to the stakeholders.

Scope/Responsibilities

• Create and maintain a solid penetration testing program for the organization, a key role within security organization

• Conduct all the penetration activities for the Blue Yonder infrastructure

• Co-ordinate customer requests for penetration testing

• Focus on all the phases of penetration testing including, Information gathering, scanning, execution, post-exploitation, custom/meaningful reporting, remediation activities

• Out of several thousand assets, identify the assets that need prioritization to be assessed

• Potential to expand to a Red team with a focus on validating the security controls and security tools that are in place

• This candidate would ultimately create awareness about the extent of compromise one could make with the current security posture – so that the asset owners can truly understand the security posture of their products and their network

• Creates processes for the penetration testing program considering all the phases of the program

• Leverage vulnerability scan results from all the scanners

• Leverage threat intelligence information to raise the bar on Pen Testing program

• Evaluate threats, vulnerabilities and risk in cloud platforms like Azure, AWS, etc.

• Be responsible for not only identification of results but to provide solid feedback to the stake holders and to reduce the risk exposure

• Capable of validating security controls that are in place with the organization like intrusion prevention systems and intrusion detection systems, etc.

• An expert in post exploitation to truly determine the extent of compromise, upon identifying vulnerabilities

• Describe the root cause and impacts to the asset owners

• Demonstrate the risk through verbal and video demonstration in layman terms as needed

• Reduce the open vulnerabilities by providing remediation guidance and feedback as needed

• Document and track all the hacking activities for Management and auditors

• Represent the team for internal and external auditors as needed

• Review reports for each assessment before it is sent to the asset owners or to the customers

• Participate in and assist with incident response team, as appropriate.

• Generate metrics for the Management as needed.

• Prepare system security reports by collecting, analyzing, and summarizing data and trends

• Any other security related duties assigned by the Management.

What We Are Looking For

Minimum Qualifications:

• 10+ years of Penetration Testing, Ethical Hacking and/or Red Teaming experience.

• Must have worked with products/tools such as Qualys, Tenable, Nexpose, Metasploit, Core Impact, Burp Suite, Cobalt Strike, etc.

• Certifications such as OSCP, OSCE, CRTP and/or GPEN.

• TTP (Tactics, Techniques and Procedures) such as Mitre Framework.

Preferred Qualifications:

• Bachelor’s degree in information security, MIS, or Computer Science highly preferred. 

• Deep and diverse experience architecting and implementing network security designs.

• Expertise in network security, system security and endpoint security.

• Education and experience in public cloud infrastructure such as Microsoft, Google, AWS, or IBM.

• Demonstrated understanding of information security concepts, standards, practices, including but not limited to firewalls, intrusion prevention and detection, TCP/IP and related protocols, device monitoring and log management and event monitoring/reporting.

• Ability to work in different shifts to partner with the global team.

-------------------------------------------

The salary range for this position is $120,335 - $151,665.

The salary range information provided, reflects the anticipated base salary range for this position based on current national data.  Minimums and maximums may vary based on location.  Individual salary will be commensurate with skills, experience, certifications or licenses and other relevant factors.  In addition, this role will be eligible to participate in either the annual performance bonus or commission program, determined by the nature of the position.

At Blue Yonder, we care about the wellbeing of our employees and those most important to them. This is reflected in our robust benefits package and options that includes: 

• Comprehensive Medical, Dental and Vision 

• 401K with Matching 

• Flexible Time Off 

• Corporate Fitness Program 

• A variety of voluntary benefits such as; Legal Plans, Accident and Hospital Indemnity, Pet Insurance and much more

At Blue Yonder, we are committed to a workplace that genuinely fosters inclusion and belonging in which everyone can share their unique voices and talents in a safe space. We continue to be guided by our core values and are proud of our diverse culture as an equal opportunity employer. We understand that your career search may look different than others, and embrace the professional, personal, educational, and volunteer opportunities through which people gain experience.

Our Values

If you want to know the heart of a company, take a look at their values. Ours unite us. They are what drive our success – and the success of our customers. Does your heart beat like ours? Find out here: Core Values

Diversity, Inclusion, Value & Equity (DIVE) is our strategy for fostering an inclusive environment we can be proud of. Check out Blue Yonder's inaugural Diversity Report which outlines our commitment to change, and our video celebrating the differences in all of us in the words of some of our associates from around the world.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.