Job Description

SecureIT is a leading provider of cybersecurity, cloud and compliance advisory services. We are committed to quality and the relationships that we build with our clients.

At SecureIT, you will have the opportunity to work alongside industry experts, tackling complex challenges to educate, guide and protect our clients. We foster an environment of continuous learning, professional growth and collaboration. SecureIT offers an exciting and rewarding career path with an excellent benefits package.

SecureIT is currently seeking an experienced penetration tester to perform security assessments of the network layer, web applications, and mobile applications.

Job responsibilities:

• Lead SecureIT’s stand-alone penetration testing projects, as well as pen testing activities in support of FedRAMP or other security audit/assessment projects
• Perform “heavy-lifting” activities on pen test engagements (network layer, web applications, and mobile applications), as well as red team exercises
• Leverage automated scanning, assessment, and exploit tools and (especially) perform focused manual testing procedures to identify and exploit vulnerabilities
• Meet with prospective clients to scope, price, and sell pen testing work, as well as provide scope and approach content for proposals and SOWs
• Lead communications with client technical staff and management, including formal reports and presentations
• Partner with and mentor other members of the pen testing team
• Assist in developing and maintaining SecureIT’s penetration testing methodologies and toolsets

Requirements:

• Minimum 5+ years total pen testing experience, with at least 3 years in a “lead pen tester” role
• Wide-ranging technical security knowledge across all layers of the stack, across various platforms, and across a variety of vendor products
• Expertise with standard tools (like Nmap, Nessus, BurpSuite, Metasploit) and advanced testing tools (like Cobalt Strike), as well as broad familiarity with open-source security projects and tools that can be leverage during testing
• Demonstrable expertise in manual testing and surfacing vulnerabilities and deficiencies that automated tools often miss
• Strong verbal and written communication skills, including the ability to effectively communicate technical security matters, including clearly elaborating on technical details for technical audiences and properly summarizing for non-technical management/business audiences
• At least one hands-on certification related directly to penetration testing (OSCP preferred, but others such as SANS GPEN accepted) and at least one other industry standard cybersecurity certification (such as CISSP)

Additional Desired Skills:

• Pen testing across cloud systems running on any of the “big three” hyper-scale cloud providers (AWS, GCP, and Azure)
• 1+ year experience in scoping, selling, and proposal-writing for pen testing engagements
• Coding experience to develop/modify testing scripts
• Red Teaming experience across a variety of project scopes and technical environments

Job Tags

Similar Jobs