Senior Penetration Tester (Cybersecurity)
Мэтч & Сопровод
Для мэтча с этой вакансией нужен Plus
Описание вакансии
TL;DR
Senior Penetration Tester (Cybersecurity): Performing hands-on vulnerability assessments and exploitation across on-premise and cloud-based networks and applications with an accent on security audits and compliance. Focus on exploiting a myriad of vulnerabilities, drafting technical deliverables, and mentoring junior associates.
Location: Remote (Must be based in the United States)
Company
A Top 50 CPA firm and leading provider of cybersecurity attestation and compliance services, including FedRAMP and PCI assessments.
What you will do
- Execute hands-on penetration tests and perform detailed vulnerability analysis.
- Exploit vulnerabilities across on-premise and cloud-based networks and applications.
- Draft project deliverables and document results in accordance with company standards.
- Manage client expectations and maintain high-quality professional relationships.
- Mentor and train newer team members to elevate their technical expertise.
- Contribute to practice development and the company's thought leadership.
Requirements
- 3+ years of experience in hands-on penetration testing.
- 1+ year of experience in web application penetration testing.
- OSCP certification is required.
- Proficiency with at least two scripting languages such as Python, Bash, JavaScript, or PowerShell.
- Competency in Windows, macOS, and Linux, and an understanding of cloud computing models.
- Must be authorized to work in the US (E-Verify will be used).
Nice to have
- CRTO or Burp Suite Certified Practitioner certifications.
- Knowledge of PCI and FedRAMP programs.
- Demonstrated enthusiasm for InfoSec via GitHub, blogs, or CTF participation.
Culture & Benefits
- Flexible remote working environment.
- Culture centered on the core value "People Come First".
- Annual travel for in-person training, team meet-ups, and strategy meetings.
- Certified as a Great Place to Work.
Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →