Job Summary
Plan and conduct vulnerability assessments and penetration testing on web and mobile applications. Oversee the work and mentor junior information security analysts (ISA1). Conduct classroom training and orientations.
JOB RESPONSIBILITIES
• Interacting With Computers - Using computers and computer systems (including hardware and software) to program, write software, set up functions, enter data, or process information.
• Getting Information - Observing, receiving, and otherwise obtaining information from all relevant sources.
• Analyzing Data or Information - Identifying the underlying principles, reasons, or facts of information by breaking down information or data into separate parts.
• Evaluating Information to Determine Compliance with Standards - Using relevant information and individual judgment to determine whether events or processes comply with laws, regulations, or standards.
• Communicating with Supervisors, Peers, or Subordinates - Providing information to supervisors, co-workers, and subordinates by telephone, in written form, e-mail, or in person.
REQUIREMENTS AND SKILLS
- At least 3 years experience in Vulnerability Assessment and Penetration Testing
- Working familiarity with OWASP ASVS and mASVS
- Familiarity with audit tools such as Burp Suite, or OWASP Zap
- Experienced with the following tasks:
- Plan and conduct manual and automated vulnerability assessments and penetration testing for servers, networks, web, and mobile applications, including application programming interfaces (APIs)
- Document the findings
- Present to the stakeholders
- Assist in remediation efforts
- Conduct training on cybersecurity topics
- Holders of OSCP, Security+, CEH, and CCNA Security certifications are preferred
- Experience with social engineering and red-teaming is a plus
- Experience with Data Privacy is a plus