Penetration Tester

Robert Half

2021-12-04 07:30:03

Job location: San Ramon, California, United States

Job type: Full-time

Job industry: HR / Recruitment

Job description

Robert Half is seeking an experienced Penetration Testing Lead who will assist with the continuous development of day-to-day operations of the Enterprise Information Security (EIS) organization and help introduce efficiencies that streamline internal processes and procedures to drive automation and operational maturity. The candidate should be able to research, develop, and keep abreast of testing tools, techniques, and process improvements in support of vulnerabilities, proof-of-concepts, in-the-wild exploits, security detection, analysis, and response.

Specific responsibilities include:


  • Perform penetration testing of company owned systems
  • Perform penetration testing of company applications
  • Perform penetration testing of company networks
  • Utilize existing security tools and develop and/or deploy additional tools that enable increased visibility and awareness of known and potential threats.
  • Create testing methods to identify vulnerabilities
  • Identify methods and entry points of value to attackers
  • Ability to utilize proof-of-concept code to determine enterprise vulnerability/exploitation
  • Review and provide feedback on proposed configuration changes
  • Create repeatable processes to handle routine requests for compliance/governance
  • Utilize automation to support workload
  • Create scoped assessments based on business need
  • Participate in investigations of suspected information technology security misuse or in compliance reviews as requested by auditors.
  • Document security architecture, infrastructure components, and operating procedures to help maintain and manage a service catalog.
  • Be a thought leader and mentor to junior staff to help the team grow and enhance their skills.
  • Provide users and management with technical support on matters related to information security such as the criteria to use when selecting information security products from the service catalog.
  • Assist with the designing, engineering and administering of a full range of information security systems, auditing information and physical security (as it relates to information technology) solutions and overall security environment including endpoint, network, server, application and cloud security.
  • Ensure that secure practices, procedures, and policies are designed and implemented, provide input into future state decisions regarding information security technology design.
  • Be a critical contributor to the overall improvement of security operations effectiveness by working closely with internal and external teams to understand threats, security gaps, process needs, etc.
  • Develop and deploy automation for repetitive tasks, forensic data collection, and other useful methods as appropriate.
  • Develop and maintain metrics that clearly show material KPIs for security controls and practices.


Qualifications:

  • Master's degree in Computer Science, Information Security or other related field required or 7+ years' required experience in related field preferred
  • OSCP, CEH, CPT, CEPT, GPEN or other experienced industry standard penetration testing Certification(s) required
  • 7+ years of combined IT and security work experience with a broad range of exposure to systems analysis, application development, database design, networking, administration, identity or other responsibilities preferred
  • 5+ years' experience in information security required
  • Work independently and troubleshoot technical and business process related issues
  • Develop subject matter expertise in the entire information security stack
  • Develop technical testing solutions for internal consumption
  • Ability to appropriately analyze and scope vulnerability disclosures, CVEs
  • Expertise in OWASP
  • Experience managing and working penetration tests for a large enterprise
  • Excellent understanding of threat vectors and containment methods
  • Experience with multiple and current Endpoint Detection and Response solutions
  • Experience with Vulnerability Management concepts and best practices
  • OS (Windows, Linux, macOS, and mobile operating systems)
  • Expertise in networking concepts, protocols, and encryption
  • Expertise in application security practices and tools
  • Excellent written and verbal skills. Ability to present topics to varying levels of the organization
  • Expertise in programming/scripting languages strongly preferred: Python, PowerShell, Bash, C/C++/C# etc.
  • Expertise in Metasploit or similar tooling
  • Expertise in penetration testing security tooling, such as Kali Linux
  • Expertise in Burp Suite or similar tooling
  • Purple team experience
