Summary
An intrusion tester is part of the security testing team and performs various types of security tests for clients. Tests may include wireless assessment, web application test, internal network assessment, external network assessment, phishing exercises, red team assessment, physical security assessment, code review, mobile application assessment, embedded device assessment and other types of security tests.
As a subject matter expert, the candidate is expected to coach other employees in techniques, tools and procedures related to his expertise. The candidate is also the owner of the testing methodology in regard to this expertise. The SME may also be expected to write tools, conduct research and improve the state of the art of the area of expertise.
Duties and responsibilities
- Perform security test, in accordance to our methodology
- Coach other employees in techniques, tools and methodology in regard to this expertise.
- Improve knowledge and conduct research in regard to the state if the art of the expertise.
- The Intrusion Tester-SME may write tools and publications.
- Report the technical findings in a report. Tester may have to present the report to clients with varying level of technical knowledge. A good capacity to explain business impact as well as technical issues is a plus.
- Act as an advisor to the client
- Answers clients' inquiries via phone or email in a professional and timely manner;
- Stay up-to-date on information technology trends, security standards and IT security news.
- Other duties as required.
Qualifications
- 5 years of relevant experience.
- Bachelor's degree in related field and/or equivalent education/experience.
- Knowledge of common pentesting methodologies (PTES, OSTMM), vulnerability scoring framework (CVSS, DREAD) and OWASP Top 10
- OSCP
- Should be eligible for Secret Clearance and not have any criminal records.
- Excellent written and verbal communication skills
- Energetic and positive attitude
- Exceptional ability to multitask and meet deadline