Listing Description
To ensure the fastest possible review of your application, please apply via this link: http://smrtr.io/_Dm9
Qualifications:
Bachelor's degree in a technical field
Experience with internal/external/web application penetration testing
Familiarity with application DevOps concepts, tools, and technologies
Experience with assessing coding best practices with the following: Java, JavaScript, Perl, Python, Ruby, Bash, C or C++, C#, PHP, or SQL
Mastery of Unix/Linux/Mac/Windows operating systems, including Bash and PowerShell
Knowledge of applications, database, Web server design, HTML, and implementation
Understanding of Internet (HTTP, FTP, etc.) and network (SMB, TCP/IP, etc.) protocols
Knowledge of open security testing standards and projects, including OWASP
Network penetration testing and manipulation of network infrastructure
Actively discover, enumerate, fingerprint, and map target systems
Conduct automated vulnerability testing
Research known vulnerabilities and manually validate scanner findings
Mobile and/or web application assessments
Email, phone, or physical social-engineering assessments
Shell scripting or automation of simple tasks using Perl, Python, or Ruby
Developing, extending, or modifying exploits, shellcode or exploit tools
Validate security weaknesses, research known attacks, develop custom tools and exploits, etc.
Reverse engineer thick clients, mobile apps, and proprietary binaries
Assess compliance posture against regulatory requirements such as NIST SP 800-53, OWASP ASVS, and ISO 27001
Document security weaknesses, including steps to reproduce
Analyze security findings, including risk analysis and root cause analysis
Research and propose practical remediation
Reverse engineering malware, data obfuscators, or ciphers
Source code review for control flow and security flaws
Strong knowledge of tools used for wireless, web application, and network security testing
Thorough understanding of network protocols, data on the wire, and covert channels
Ability to convey results clearly in formal technical reports and deliver briefings
Must be eligible to work in the US without sponsorship
Additional information:
Ability to work onsite in NYC
Ability to travel up to 40%
Reliable team player
Independent / capable of working effectively and efficiently with minimal supervision
Strong time management skills
Highly organized and detail oriented
Ability to successfully interface with clients (internal and external)
Ability to document and explain technical details in a concise, understandable manner
Ability to manage and balance own time among multiple tasks, and lead junior staff when required
Offensive Security Web Expert (OSWE) or SANS GIAC Web Application Penetration Tester (GWAPT) Certification
Perform network penetration, web and mobile application testing, source code reviews, threat analysis, wireless network assessments, and social-engineering assessments
Develop comprehensive and accurate reports and presentations for both technical and executive audiences
Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
Recognize and safely utilize attacker tools, tactics, and procedures
Develop scripts, tools, or methodologies to enhance FireEye Mandiant’s red teaming processes
Assist with scoping prospective engagements, leading engagements from kickoff through remediation, and mentoring less experienced staff
Listing Details
- Citizenship: US Citizen
- Incentives: Bonus
- Education: Bachelors Degree
- Travel: No Travel
- Telework: No Telecommute