Penetration Tester Job at Shedd RS, Washington DC

dFlCOThSL3QyU1BIRWlEdElWaUNjT1d5OGc9PQ==
  • Shedd RS
  • Washington DC

Job Description

We are looking for a Penetration Tester to join our client’s team on an upcoming Security and Privacy Assessment project in the non-profit telecommunications industry. The Pen Tester will complement risk assessments as ongoing defense against technical security threats of weakness exploitation for the same systems.

This role is hybrid remote with some in-person support required at the customer's location in Washington, DC. This is a direct hire position with a salary range of $120-150k.

Responsibilities Include:
  • Penetration Testing:
    • Conduct annual penetration testing of IT Systems.
    • Ad hoc penetration testing as assigned for targeted applications, subsystems, or in response to emerging threats.
    • Penetration testing for ATO-oriented assessments and ISPCM-oriented assessments.
    • Conduct additional penetration tests as requested to accommodate schedules or ongoing authorization status for an authorized system, as required.
  • Vulnerability Assessment:
    • Analyze and assess potential security risks and vulnerabilities.
    • Conduct vulnerability scans and risk assessments on a variety of platforms.
  • Reporting and Documentation:
    • Document and report findings with clear and actionable recommendations.
    • Prepare detailed penetration testing reports and executive summaries.
  • Security Recommendations:
    • Provide expert guidance on remediation strategies to mitigate identified vulnerabilities.
    • Collaborate with IT and development teams to implement security improvements.
  • Security Research:
    • Stay updated with the latest security trends, threats, and technology developments.
    • Research new attack vectors and develop new testing methodologies.
  • Compliance and Best Practices:
    • Ensure compliance with industry standards and regulations (e.g., PCI-DSS, GDPR, HIPAA).
    • Advocate for security best practices across the organization.
    • Perform testing for OWASP Top Ten
  • Training and Mentorship:
    • Mentor junior penetration testers and provide training to staff on security awareness.
    • Conduct workshops and training sessions to promote security knowledge.
Required Skills, Qualifications, and Experience:
  • Certifications:
    • Must have and maintain at least one of the following current certifications: GIAC Penetration Tester ("GPEN"), Certified Ethical Hacker ("CEH"), CompTIA PenTest+, or Licensed Penetration Tester Master ("LPT").
  • Experience:
    • Minimum of 5 years of professional experience in penetration testing and ethical hacking.
    • Proven track record of conducting successful penetration tests.
  • Technical Skills:
    • Proficiency in using penetration testing tools (e.g., Burp Suite, Metasploit, Nmap).
    • Strong understanding of network protocols, operating systems, and web application security.
    • Experience with scripting languages (e.g., Python, Bash) for automation of tasks.
    • Knowledge of various security frameworks and standards (e.g., OWASP, NIST).
  • Soft Skills:
    • Excellent problem-solving skills and analytical thinking.
    • Strong communication skills, both written and verbal.
    • Ability to work independently and as part of a team.
Preferred Qualifications:
  • Experience in a similar role within a large enterprise or consulting environment.
  • Familiarity with cloud security testing (e.g., AWS, Azure).
  • Experience with mobile application security testing.
  • Advanced knowledge of social engineering techniques.
  • Experience developing Penetration Testing documents, such as scoping documents, ROE and reports.
  • Proficiency in Python programming.
  • Experience in leading internal and external pen tests.
  • Experience in all phases of the Penetration Testing Process.
  • Experience with numerous pen testing tools (Nmap, Burp, curl, wget, Nessus, Nikto, SQLMAP etc.).
  • Experience with database scanning tools.
  • Experience with web application scanning tools.
  • Experience with phishing tools.
  • The ability to write compelling documentation.

Job Tags

Remote job,

Similar Jobs

Total Energies

Procurement Intern Job at Total Energies

 ...Candidate Profile What you will bring: ~ Currently a Junior or Senior pursuing a degree in Supply Chain Management, Business, Data Analytics or related field. Ability to successfully work with cross range of teams including purchasing, legal, finance, sales... 

City of Boston

Air Quality Project Manager Job at City of Boston

 ...air goals. On September 19, 2020, the APCC amended the freeze regulations to strengthen program administration. The Air Quality Project Manager will work with the APCC and other City agencies, residents, businesses, and institutions to administer programs, identify obstacles... 

Nike Communications, Inc.

Senior Account Executive (Lifestyle) Job at Nike Communications, Inc.

 ...inclusivity and equity is a fundamental responsibility shared by everyone within our agency. More About the Role Join our Lifestyle team as a New York-based Senior Account Executive! Dive into a dynamic role, working on a variety of accounts across the Lifestyle... 

Apple Inc.

Executive Travel Consultant Job at Apple Inc.

As an Executive Travel Consultant, you will deliver exceptional service and support to the Apple executive team and their assistants. You will be recognized as the expert on all travel related inquiries and reservation needs. Problem solving and extraordinary people skills... 

Four Eighteen Logistics

Box Truck Owner/Operator for Amazon Routes in Milwaukee, WI (non-CDL) Job at Four Eighteen Logistics

Four Eighteen Logistics is searching for dependable Box Truck Owner/Operators (non CDL) to safely and efficiently transport Amazon freight. We need drivers for routes departing from Kenosha, WI. Requirements: 1. Must CURRENTLY own, lease or rent a 24 or 26 foot box...