Listing Description
Priority duties and responsibilities
● Independently recognize and safely utilize attacker tools, tactics, and procedures.
● Lead and participate in Red Team engagements.
● Perform complex web and mobile application testing.
● Perform complicated social engineering assessments.
● Develop comprehensive and accurate reports and presentations for both technical and
non-technical audiences.
● Expertly scope and win prospective engagements.
● Assess and determine the exploitability of challenging targets.
● Identify unique security risks within applications, security controls, and network
infrastructure.
● Execute and report on complex testing activities and outcomes.
● Conduct in-depth research and development of new security technologies and
techniques.
● Independently develop scripts, tools, or methodologies to enhance Fortalice’s offensive
assessment capabilities.
● Review and critique network and network security solutions, applying your deep level of
knowledge and wealth of experience to evaluate compliance with operational and
mission requirements, such as scalability, maintainability, security, reliability, flexibility,
availability, and manageability.
● Communicate clearly and completely to clients in all matters related to offensive
security risk & vulnerabilities.
● Review and critique complicated system and network security solutions.
● Individually develop detailed reports on findings and remediations.
● Execute external/internal vulnerability assessments under the general direction of the
Director of Offensive Operations.
● Perform various high-level social engineering assessments, including spear phishing
email attacks.
● Lead and execute numerous IT general control audits.
● Lead and execute external/internal vulnerability assessments.
● Lead and participate in efforts to develop new cyber capabilities and methodologies.
● Interface with clients at all levels within the customer management chain to determine
and understand their needs.
● Develop high-quality and detailed reports on findings and remediations.
● Provide ad hoc penetration testing as necessary for defects/issues identified by the
industry.
● Provide expert-level application security consulting SME support to clients.
● Develop and review complex malicious use cases and threat models.
● Independently deliver innovative solutions and services to customers by emulating
modern attacker tools, techniques and procedures (TTP) to evaluate clients’ ability to
detect and appropriately respond to penetration testing (red/blue/purple)
engagements.
Listing Details
- Salary: $100000 - $150000
- Citizenship: Not Provided
- Incentives: Bonus
- Education: Not Provided
- Travel: Travel 25
- Telework: Full Telecommute