Penetration Tester II
West Des Moines, IA, US
Heartland Business Systems
Description
Position Summary:
The Penetration Tester II will conduct technical testing which includes but not limited to vulnerability scanning, penetration testing and social engineering to identify security risks. Based on the results of the testing this position will then make recommendations for improvements through administrative, technical and physical controls. This position will also assist with incident response investigations and documentation surrounding the incident.
Roles and Responsibilities/ Essential Functions:
- Perform vulnerability scanning and penetration testing of Client’s infrastructure, systems and applications in accordance with best practices and regulatory requirements.
- Communicate identified risks with Heartland’s clients and provide recommendations for risk mitigation.
- Perform social engineering assessments such as email phishing, pretexting phone calls and physical entry, as well as provide recommendations for risk mitigation.
- Assist Information Security Consultants with review or analysis of technical projects and troubleshooting.
- Assist the Sales Team Member efforts by supporting initial scoping conversations and performing needs analyses to help drive business development efforts. Identify additional opportunities within existing client base and work with client to expand usage of Heartland’s service portfolio.
- Contribute to marketing activities by providing content suggestions and writing blog articles covering technical topics -- and attending trade shows, conferences, and professional association chapter meetings.
- Maintain a minimum of 1350 hours billed per fiscal year, prorated based on start date. These charge hour requirements will be balanced against professional development and on the job training.
Requirements
Competencies:
- Accountability: Accountability looks at the extent to which an individual is willing to accept responsibility.
- Ambition: Ambition looks at the extent to which an individual demonstrates drive and initiative in seeking personal advancement or recognition.
- Business Acumen: Business acumen looks at the ability of the individual to understand and discriminate between various business related topics and issues. This includes insight into, and understanding of, specialized business concepts.
- Communication: Ability to promote understanding through exceptional written, oral, interpersonal, and presentation skills.
- Detail Oriented: Detail orientation looks at the ability of the individual to pay meticulous attention to all aspects of a situation or task, no matter how small or seemingly unimportant.
- Ethical: Ethics looks at the ability of the individual to be guided by the company’s accepted principles of moral conduct.
- Organized: Organizational skills looks at the ability of the individual to be structured and methodical in working skills.
- Persistence: Persistence looks at the ability of the individual to continue in a course of action in the face of adversity.
- Working Under Pressure: Working under pressure looks at the ability of the individual to maintain composure when exposed to stress.
Required Experience:
- 2+ years working with penetration testing, vulnerability scanning/assessments
- This can be on the job or demonstrated knowledge leveraging a platform like TryHackMe or HacktheBox
Preferred Experience:
- 3+ years working with the following utilities - Nessus, Metasploit, BurpSuite
- 2+ years managing small projects
- Ability to write executive level reports showcasing findings and recommendations
Required Skills, Education and/ or Certifications:
- Certifications: eJPT, Certified Ethical Hacker CEH, or GIAC Penetration Tester GPEN
- Ability to work within a team environment
Preferred Skills, Education and/ or Certifications:
- Professional Certifications Preferred – e.g., OSCP, PNPT
Equal Opportunity Employer - Including Disabled and Veterans
#HBS
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Burp Suite CEH GIAC GPEN Incident response Metasploit Nessus OSCP Pentesting
Perks/benefits: Career development Conferences
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.