Cybersecurity Pentester

The role involves performing penetration testing and vulnerability assessments to protect software, systems, and information within a company, primarily in the cybersecurity domain.

Location: United States

Responsibilities

• Performs internal penetration testing and external red teaming of networks, systems, and applications within scope and rules of engagement.
• Runs web application vulnerability software to detect security issues in web applications.
• Analyzes output of web application test scans to determine valid security issues.
• Conducts regular meetings with business unit stakeholders to assess remediation efforts from pentest findings.
• Gathers security-related information across multiple environments and reports potential security threats.
• Participates in security audits to minimize vulnerabilities.
• Uses penetration testing methodologies to validate vulnerability remediation.
• Reviews application code reports on vulnerabilities.
• Performs extensive internal network reconnaissance using various tools and data sources.
• Performs web application testing focusing on vulnerabilities like XSS, SQL injection, TLS issues.
• Performs other duties as assigned.
• Adheres to corporate policies including the Code of Business Conduct and Ethics.
• Complies with Risk Management program requirements.

Requirements

• Bachelor's degree in computer science, MIS, or related field or equivalent experience.
• 1-3 years’ experience in information security in various security disciplines.
• Certifications such as OSCP, CRTO, CRTP, OSEP, GXPN, or similar are a plus.
• Solid understanding of OWASP and other security best practices.
• Strong technical ability in manual and automated penetration testing.
• Knowledge of threat modeling methodologies.
• Knowledge of social engineering techniques.
• Experience with exploiting vulnerabilities in enterprise environments.
• Experience with assessment tools like scanners, proxies, debuggers, fuzzers.
• Excellent problem solving, planning, and interpersonal skills.
• Ability to interpret business challenges and recommend best practices.
• Experience with Windows, UNIX, Linux OS security and administration.
• Intermediate experience with tools like Burp, OWASP ZAP, NMAP, OpenVAS, Cobalt Strike, SQLmap, Mimikatz, Metasploit.
• Intermediate experience with programming languages such as C++, Perl, Python, Ruby.
• Knowledge of attack methods including malware, vulnerabilities, lateral movement.
• Experience creating detailed penetration test reports.
• Experience with reconnaissance, exploitation, lateral movement, malware analysis, reverse engineering.
• Ability to prioritize tasks in a dynamic environment.
• Strong communication skills and understanding of IT security concepts.
• Knowledge of network protocols, data flows, vulnerabilities, and industry standards like PCI.

Additional Information

• Standard work environment.
• Travel required, may be domestic or international.
• Applicants must be authorized to work in the US; no sponsorship offered.
• Opportunities for growth, career development, and competitive compensation.
• Visit ACI Worldwide's website for more info.