*Penetration Tester II* *Scottsdale, Arizona*
*Open, 6+Mts* Job Description *Essential Functions * - Works as an individual contributor for smaller efforts and as part of a team for larger efforts. - Conduct internal and external network penetration tests. - Conduct internal and external graphical user interface web application penetration tests. - Conduct internal and external web services application penetration tests. - Conduct wireless network penetration tests. - Responsible for writing and reviewing formal penetration test reports documenting the details of a penetration test and all vulnerabilities, potential issues, and strengths found during the test. - Responsible for submitting tickets for remediation of vulnerabilities and potential issues found during penetration tests. - Work with Security Architects and Security Engineers to gather information and conduct penetration tests. - Review and process static source code vulnerability analysis reports for developed applications as directed. - Evaluate commercial and open source tools to be used for the purposes of penetration testing. - Maintain demonstrable knowledge of current vulnerability exploitation techniques. - Strong understanding of TCP/IP. - Mentor junior Penetration Testers as needed. - Complies with all security policies and procedures, to ensure that the highest level of system and data confidentiality, integrity and availability is maintained Required Experience *Minimum Qualifications* - Education or experience equivalent to a Bachelor’s degree in Computer Science, Computer Information Systems, Information Security, Engineering, Math or Physical Science, or related field. - Strong understanding of offensive and defensive security, including offensive evasion and defensive detection techniques. - 4 years of general security penetration test experience. - 4 years of general IT or information security experience. - Working knowledge of communication network technologies. - Working understanding of Active Directory, Exchange, and SharePoint. - Advanced working understanding of penetration test and security assessment procedures. - Advanced working understanding of information gathering techniques and processes. - Advanced working understanding of web application technologies such as programming languages (AJAX, PHP, Perl, SOAP-based web services, Java, JavaScript, C# and/or .Net, ASP), web servers, application servers, web services, web browse technologies, common vulnerabilities, security best practices, automated testing tools, manual testing tools, - Perl, Python, shell, VB or other scripting language skills required. - Advanced working knowledge of relational databases. - Comfortable using, configuring, troubleshooting, and administering UNIX, Linux, Mac OSX, and Windows operating systems. - Experience using the Backtrack/Kali Linux suite of penetration test tools. - Have a broad advanced understanding of various commercial, open source, and freeware penetration test tools. - Proficient using proxies for web application penetration tests. - Proficient using fuzzing techniques for all types of penetration tests. - Expert knowledge of Open Web Application Security Project (OWASP) Top 10 Vulnerabilities and testing procedures. - Ability to work independently and within a team environment. - Effective interpersonal skills. - Must demonstrate advanced stages of Pwniephobia – The fear of one’s computer or mobile device being compromised by crafty attackers either through loss of control or ninja like social engineering. A fear commonly brought on by the embarrassment of a previous compromise. Usually in the presence of co-workers, peers, or persons whom impressions of poor information security practices are heavily weighed. - Ability to present to peers, coworkers, and customers. - Experience in analyzing risk associated with security vulnerabilities required. - Strong writing skills. - Approved background and drug screen is required *Preferred Qualifications* - Application Development background - Social Engineering experience - Certified Ethical Hacker (CEH) or equivalent certification - Certified Penetration Tester (CPT) or equivalent certification - Additional related education and/or experience preferred *Regards,* *Rahman, * *Sr Resource Recruiter* *[email protected] <[email protected]>* *703 246 1849* -- You received this message because you are subscribed to the Google Groups "Open Source J2EE frameworks" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/open-source-j2ee-frameworks. For more options, visit https://groups.google.com/d/optout.
