• Find preferred job with Jobstinger
  • ID
    #17809562
  • Job type
    Contract
  • Salary
    TBD
  • Source
    MATRIX Resources, Inc.
  • Date
    2021-08-03
  • Deadline
    2021-10-02

Vacancy expired!

Terrific 12+ month contract opportunity in Florence, KY for a Penetration Tester. Will focus on testing for ATM's and related infrastructure, including both hardware and applications. Will constantly search for system and application weaknesses to exploit. Will collaborate with others on the team for remediation and additional validation, as well as contribute to other collaborative approaches driven by the team strategy. While some automated tools will be leveraged, this is not solely a point-and-click role. It requires hands-on expertise with a variety tools to simulate attacker tactics, techniques and procedures (TTPs). Will participate in visible and announced assessments for new and existing services, infrastructure and applications to help the team identify weaknesses before an attacker does. Responsibilities include: • Work with teammates to consistently learn and share advanced skills and foster team excellence. • Document and formally report testing initiatives, along with remediation recommendations and validation. • Conduct tactical assessments that require expertise in application security (web and mobile), physical methods, lateral movement, threat analysis, internal and external network architecture and a wide array of commercial and bring-your-own (BYO) products. • Develop and maintain tools and scripts used in penetration-testing team processes. • Train offensive and defensive colleagues on new TTPs and mentor junior teammates. • Regularly research and learn new TTPs in public and closed forums, and work with teammates to assess risk and implement and validate controls as necessary. • Arrange and provide support to business units launching new technology applications and services to verify that new products/offerings are not at risk of compromise or information leakage. Qualifications: • 3+ years of experience in information security administration, offensive tactics, vulnerability assessment and penetration testing, especially as related to ATM and related infrastructure, hardware and applications. • Proficient in scripting languages such as Python, PowerShell, Bash and Ruby. • Competent with testing frameworks and tools such as Burp Suite, Metasploit, Cobalt Strike, Kali Linux, Nessus, PowerShell Empire and AutoSploit. • Experience conducting vulnerability assessments and penetration-testing engagements as a consultant or within a previous role in a professional organization. • Strong operating system knowledge across nix, Windows and Mac; proficient with networking protocols. • Familiarity with defensive and monitoring technologies such intrusion prevention/detection systems (IPS/IDS), security information and event management systems (SIEMs), firewalls, endpoint protection (EPP) and endpoint detection/response (EDR) tools, as well as user and entity behavior analytics (UEBA). • Understanding of OWASP, the MITRE ATT&CK framework and the software development lifecycle (SDLC). • Solid understanding of information security, including understanding applications, networking and various operating systems, along with tools and frameworks. • Up-to-date with advancements in technology while also retaining knowledge of older systems and applications that may still be in use in the enterprise. • Excellence in communicating business risk and remediation requirements from assessments. • Bachelor's degree in computer science (preferred), information assurance, MIS or related field, or equivalent.

Vacancy expired!

Report job