About The Penetration Testing Team:
Our Penetration Testing Team at Ethical Intruder focuses on Red Team, Purple Team, Penetration Testing (Network, Web, Mobile, Cloud Environment, IoT, WIFI, OT and Physical). We work with our customers to ensure their infrastructure and technology are not susceptible to either internal or external threats that may cause our clients financial or reputation loss.
Our team is highly client-interactive and not isolated off in a lab. The team participates extensively in the full client cycle, working with the clients on gathering scope, building unique test cases, prepping for the testing, executing the testing, reporting, and client discussions with guidance on the results. While this is a technical job, we are looking to add team members who thrive in the full life cycle with the client and the operational process of the testing and guidance we provide. Direct experience working with customers and relaying output to both technical and non-technical stakeholders is highly desirable.
About the Role:
· Utilize practical and extensive client penetration testing experience on day one to support the existing team and new clients (This is not a junior development role).
· Perform Penetration Testing for networks (internal & external), web applications, APIs, mobile, and cloud environments.
· Collaborate with team members and clients to define project scopes, business cases, review test results, and determine remediation steps.
· Draft reports and communicate complex security concepts and test findings to clients and stakeholders.
· Make expert recommendations to help clients improve their information security program.
· Work on researching & developing utilities, toolkits, processes, tactics, and techniques.
· Participate in client meetings, communicate clearly and openly on incremental progress, and inform the team of any help needed on impediments and roadblocks.
Penetration Team Tool Sets:
· Our technology stack used to perform penetration testing includes Rapid7 Nexpose, Burp Suite, and Nessus in addition to robust use of Kali Linux. Each team member typically also brings in their own suite of open-source favorite tools or their unique scripting background to assist in driving the penetration testing team results. We thrive on manual techniques and those who want to work with the team to explore the best options for performing our evaluations.
Basic Qualification Requirements:
· Bachelor’s degree in computer science or a related technical field involving software engineering, cyber security is preferred yet not required.
· Practical experience in penetration testing is a key consideration, or any equivalent practical experience (Hack The Box).
· 3+ years of experience in internal or web application penetration testing is strongly desired. While fewer years may be acceptable, you will need to express a solid hands-on and ready-today approach to client penetration testing.
· Desire to stay up to date on the latest exploits, malware and third-party vulnerabilities.
· Ability to work with clients on gathering requirements (scope), building test cases, reporting and direct guidance with the clients will also be a strong consideration.
· Team player working across teams and departments.
· Experience using various penetration testing and analysis tools such as Frida, nmap, MobSF, Nessus, Rapid7 Nexpose, Burp Suite, ZAP, Metasploit, Rubeus, BloodHound etc. on Windows, Linux, iOS, and Android.
· Close proximity to our offices in Pittsburgh, Pennsylvania for onsite client engagements.
Preferred Qualifications:
- OSCP, PNPT, CRTO, CRTE, GPEN, or other relevant penetration testing certifications.
- Prior experience working and coordinating client meetings and engagements.
- Knowledge of scripting languages such as Python, Ruby, Perl, Bash, VisualBasic, PowerShell, etc.
Who is Ethical Intruder?
For almost 15 years, Ethical Intruder has been working with clients to protect their web applications and systems. Ethical Intruder has been ahead of the curve on several directions the industry has taken. From our inception, we realized that cyber security would one day move from an IT issue to an Executive Leadership Team or Board Room critical topic. Now the industry has moved in that direction, and Ethical Intruder has a unique approach that resonates with client leadership groups and their boards of directors.
Ethical Intruder services include technical penetration testing, compliance and risk, and user awareness training. Ethical Intruder started with Penetration Testing, and it remains one of our premier service areas due to our unique approach that our clients rave about.
Ethical Intruder is led by our CEO David Kane, who was named the Pittsburgh Technology Council CEO of the year in October 2023 and is the HealthCare Cybersecurity Pundit for Cybercrimes Magazine. Additional leadership includes our CTO, who holds multiple industry technical and process patents, and our COO, who has held leadership and executive roles in major US and Fortune 500 companies.
Work Environment
Ethical Intruder has offices in Pittsburgh, Pennsylvania. Many of our team members like to collaborate in person, and so we have a tremendous facility and environment to do so. Others prefer a hybrid or remote work environment, and for those employees we can make accommodations as well. Ethical Intruder is a fast-paced environment, and typically employees are working on multiple client projects or for several of our penetration testing managed service clients at the same time. As a balance, we do not have any specific guidelines on PTO, Vacation, Sick Leave or Personal Time. Everyone has a life and there needs to be a significant balance.
Benefits
· No restrictions on PTO, Vacation, Medical or Personal Time Off.
· Health Insurance
· Dental Insurance
· Vision Insurance
· Matching 401k
· Training and Advancement Opportunities
· Parking Lease assistance (50% paid by company at a minimum)
· Near Future Benefits to be added include Life Insurance