Job description

• Operate a hands-on role involving penetration testing and vulnerability assessment activities of complex applications, operating systems, wired and wireless networks, Servers, switch, routers, firewall, and mobile applications/devices.
• Develop and maintain security testing plans
• Automate penetration and other security testing on networks, systems and applications
• Develop meaningful metrics to reflect the true posture of the environment allowing the organization to make educated decisions based on risk
• Produce actionable, threat-based, reports on security testing results
• Act as a source of direction, training, and guidance for less experienced staff
• Mentor and coach other IT security staff to provide guidance and expertise in their growth
• Consult with application developers, systems administrators, and management to demonstrate security testing results, explain the threat presented by the results, and consult on remediation
• Communicate security issues to a wide variety of internal and external “customers” to include technical teams, executives, risk groups, vendors and regulators
• Deliver the annual penetration testing schedule and conducting awareness campaigns to ensure proper budgeting by business lines for annual tests
• Foster and maintain relationships with key stakeholders and business partners
• Security assessment tools (such as Nessus, Nmap, Aircrack-ng, Burp Suite, SQLmap)
• Security frameworks (such as NIST, SOX, HIPPA, ISO)
• Operating systems (such as Linux, Unix, Windows)
• Hands on experience with testing frameworks such as the PTES and OWASP
• Critical thinker and problem solver
• Excellent organizational and time management skills.
• Certificate preferred CEH, CCNA.