Reference # 18-01951
Title Pen Tester III AWS/Cloud
Location Scottsdale, ARIZONA
Position Type Right to Hire
Experience Level Right to Hire
Start Date / End Date 13-12-2018 --- 30-11--0001
Overall Purpose
This position within the Penetration Testing team is responsible for leading efforts to find and document security vulnerabilities through approved penetration testing efforts for securing Early Warning systems, infrastructure, networks, and applications.

Penetration Tester III with AWS/Cloud experience. The AWS Cloud experience must be recent, and the candidate must be passionate about Pen Testing on Cloud Environments. This is a high-level senior Pen Tester who has come from a software development background and transitioned into Security/Pen Testing, or someone who has come from a DevOps Engineer environment and transitioned into Security/Pen Testing. The candidate should have programming skills in AWS and be familiar with Terraform, Kubernetes, AWS/CLI and/or Docker.

Number One Skill:
  • Penetration Testing on AWS/Cloud, per discussion with the manager.
  • They need to be able to program in AWS and have strong AWS Security skills.
Essential Functions
  • Leads internal and external security assessments and penetration tests, including mobile, web applications, web services, wireless and network penetration tests.
  • Leads penetration tests against systems of extreme complexity, writes reports documenting findings including all vulnerabilities, potential issues, and strengths found during the test.
  • Train and support junior penetration testing staff
  • Responsible for writing and reviewing formal penetration test reports documenting the details of a penetration test and all vulnerabilities, potential issues, and strengths found during the test.
  • Owns remediation of vulnerabilities and potential issues found during penetration tests.
  • Performs expert assessments and works with Security Architects and Security Engineers to identify complex vulnerabilities and own remediation.
  • Efficiently owns, performs and delivers security assessment reports and penetration tests, and oversees the remediation of all findings and recommendations
  • Performs static source code vulnerability analysis reports for Early Warning developed applications as directed.
  • Drives discovery of new vulnerability exploitation techniques and leads training for team members.
  • Performs expert threat modeling to identify all possible attack vectors
  • Support the company's commitment to protect the integrity and confidentiality of systems and data.
Minimum Qualifications
  • Successful completion of education or experience equivalent to a bachelor's degree in Computer Science, Computer Information Systems, Information Security, Engineering, Math or Physical Science, or related field.
  • Minimum of two years mobile application penetration testing experience
  • Advanced knowledge of mobile application testing techniques, software, protocols and the ability to bypass common mobile application security controls
  • Expert level understanding of offensive and defensive security, including offensive evasion and defensive detection techniques.
  • Minimum of 4 years of general security penetration test experience and at least 3 years of general IT or information security experience.
  • Expert knowledge of TCP/IP, networking, web applications, databases, mobile, and cloud applications
  • Expert knowledge of penetration test and assessment procedures, as well as expert knowledge of remediation best practices
  • Proficiency with common scripting language(s) such as Python, Ruby, Bash, or Perl
  • Expert at using, configuring, troubleshooting, and administering Kali Linux, Mac OSX, and Windows OS
  • Expert knowledge of the Kali Linux suite of penetration test tools.
  • Develops new and custom techniques for various types of security assessments and penetration tests
  • Expert knowledge of Open Web Application Security Project (OWASP) Top 10 Vulnerabilities, testing procedures, and remediation recommendations
  • Current with one or more of the following certifications: OSCP, eCRE, eNDP, eWDP or eWAPT Certification or equivalent
  • Contribution of intellectual property to your current or previous employer to support the automation and repeatability of the penetration testing practice
  • Proven ability to research, recommend, and document repeatable defense solutions
  • Background and drug screen
Preferred Qualifications
  • Application Development background
  • Social Engineering experience
  • Delivery of talks or research to regional or national conferences, or background in developing and delivering professional security training
  • Proven ethical disclosure of zero-day vulnerabilities either as a bug bounty hunter or as an internal pen-tester.
  • Additional related education and/or experience preferred
Additional Job Description - Senior Level Penetration Testing experience with AWS and DevOps experience