SMART IT People is seeking a Penetration Test Engineer to work across a variety of technical disciplines and partner with various teams to ensure risk is reduced and the enterprise security strategy is carried out. This position will also work closely with other security staff and may represent the interests of the broader Information Security team to the rest of the enterprise. M-F 8am to 5pm.
- B.S. Degree in Computer Science w/7+ years of experience.
- Minimum 3 years' experience in information security.
- Self-motivated security professional with a desire for continual learning.
- Familiarity with OWASP.
- Understanding of basic cryptography uses in modern enterprise applications.
- Some previous experience with basic system and/or network administration.
- Strong analytical and problem-solving skills.
- Strong interpersonal, written, and oral communication skills.
- Strong customer service and solution-focused orientation.
- Bachelor's or Master's Degree in Information Systems, Computer Science or related discipline is
- Development or scripting knowledge highly desired.
- CISSP certification plus at least one penetration testing certification (OSCP, GPEN, etc.).
- Experience testing OT networks and related devices.
- Knowledge of firewall and network segmentation concepts.
- Reverse engineering
- Exploit development
- Threat modeling
- Knowledge of industry regulations such as PCI and HIPAA a plus.
- Perform both black box and white box penetration testing engagements against infrastructure and applications using a variety of tools.
- Discover assets (IPs, subnets, domains, web applications, etc.) associated with various subsidiaries in order to populate the enterprise risk registry.
- Test internal and customer-facing web applications for vulnerabilities, and be able to articulate the threats that those vulnerabilities represent.
- Perform penetration testing against APIs, and be able to explain the risks associated with identified vulnerabilities.
- Carry out vulnerability and penetration tests against native mobile applications.
- Participate in and lead red teaming exercises in order to test the responsiveness and defenses of other security and IT teams.
- Participate in and lead targeted attack simulations against the company and its subsidiaries.
- Document vulnerabilities uncovered in testing, and communicate the impact of exploitation to appropriate IT and business personnel.
- Lead and participate in technical security reviews of infrastructure components, identifying vulnerabilities that could be exploited.
- Articulate common practices and tactics used by malicious software and threat actors, along with associated remediation, to other IT teams.
To apply, please send your resume in MS Word format to firstname.lastname@example.org with job title in subject line.
Penetration Test Engineer