Senior Security Consultant (Thick Application Penetration Testing)

NetSPI is the proactive security solution used to discover, prioritize, and remediate security vulnerabilities of the highest importance, so businesses can protect what matters most. NetSPI secures the most trusted brands on Earth through Penetration Testing as a Service (PTaaS), External Attack Surface Management (EASM), Cyber Asset Attack Surface Management (CAASM), and Breach and Attack Simulation (BAS). Leveraging a unique combination of dedicated security experts, intelligent process, and advanced technology, NetSPI brings a proactive approach to cybersecurity with more clarity, speed, and scale than ever before.

NetSPI is on an exciting growth journey as we disrupt and improve the proactive security market. We are looking for individuals with a collaborative, innovative, and customer-first mindset to join our team. Learn more about our award-winning workplace culture and get to know our A-Team at www.netspi.com/careers.

 We are seeking an experienced professional with demonstrated technical depth and breadth in Thick Application Penetration Testing as well as the soft skills to effectively communicate with executive and technical teams. In this role, you'll have the ability to work alongside a world-class team using top-tier custom tools. Applicants are expected to leverage strong problem-solving skills, as well as lead, collaborate, and innovate to deliver high-quality exercises and exceptional experiences for our customers.

Responsibilities:

• Perform thick application penetration tests
• Includes Web Application Penetration (WAPen) testing.
• Occasionally includes Mobile (MAPen) and IOT/embedded penetration testing.
• Create and deliver penetration test reports to clients.
• Collaborate with clients to create remediation strategies that will help improve their security posture.

• Research and develop innovative techniques, tools, and methodologies for penetration testing services.
• Participate in the ongoing development/enhancement of NetSPI services and processes, in addition to thought leadership (via blogs, presentations, white papers, webinars, podcast, vlogs and tweets.)
• Provide pre-sales support by assisting with scoping prospective engagements.
• Act as a resource for internal team members as it relates to in-depth technical questions or best practices.
• Responsible for QA activities in assigned service lines.

 Minimum Qualifications:

• Bachelor’s degree or higher, with a focus on IT, Computer Science, Engineering or Math or equivalent experience.
• 3-5 years of experience performing thick application penetration tests for applications written in “managed” (e.g. Java, C#, etc.) and “unmanaged” (e.g. C, C++, Swift, Rust, etc.) code
• Includes experience with offensive toolkits used in web application penetration testing.
• Experience with disassemblers and debuggers
• Examples include WinDbg, IDA, Ghidra, gdb and lldb.
• Experience with dynamic instrumentation toolkits
• Examples include Frida.
• Strong communication skills, both verbal and written.
• Knowledge of Windows and Linux.

Preferred Qualifications:

• Programming experience in one or more of the following languages: Python, C, C++, Java, C#.
• Experience performing fuzz testing.
• The ability to reverse engineer proprietary application layer protocols.
• Experience with IOT/embedded penetration testing.
• Knowledge of operating system internals for a general-purpose operating system (e.g. Windows, Linux, MacOS.)
• GXPN, GPEN, OSCP, CISSP, GWAPT or similar certifications.

We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law.