Description:
As part of the Threat and Vulnerability Management operations arm, your role is pivotal in protecting cxLoyalty’s business operations, clients and employees’ data and the organization’s intellectual property. This job is for an In-House Penetration Testing professional. They should be proficient in cloud vulnerability assessments, penetration testing, and professionally relaying technical vulnerabilities and their impact to technical and non-technical customers. A successful candidate will be able to demonstrate knowledge of general Cybersecurity infrastructure and cloud principles. Ideally, they will understand program and project level delivery processes for penetration testing in large-scale organizations. This position will not work solely as a penetration tester, as the aim is to partner with other teams to drive real solutions while maintaining independence. Assessments delivered would be primarily [80-90%] remote with some [10-20%] at an onsite location. They should be comfortable identifying vulnerabilities using manual and automated tools of the trade but not have to rely on automation. They should be comfortable manually exploiting vulnerabilities, performing post-exploitation activities, and explaining the path to compromise to external and internal stakeholders.
Responsibilities:
- Plan, scope, coordinate, and manage penetration tests on a global level from initiation to closure
- Carry out remote/onsite network testing of the cloud to expose weaknesses in security
- Plan, create and execute penetration attack methods, scripts, and tests using the current policies and processes
- Simulate security breaches to test a system's relative security
- Work with the business to determine test requirements
- Understand how identified flaws could affect a business, or business function, if they're not fixed.
- Create reports and recommendations from findings
- Collaborate with other teams to act as an advisor on methods to fix or lower security risks
Qualifications:
The candidate will need a strong understanding of infrastructure/cloud architecture and security testing approaches. This will include using tools, manual testing, and various testing techniques.
- Demonstrated continued technical growth (Where are you getting CPEs?)
- Ability to independently conduct and lead security assessments
- Ability to script and understand basic coding
- Ability to represent/convey information, both verbal/written to multiple organization levels (Social intelligence)
- Ability to explain/convey technical vulnerabilities to technical/non-technical 3rd parties. (Technical Intelligence)
- Understand complex computer systems and technical cyber security terms as well as their applications
Requirements:
To be considered for this position, these are the minimum requirements:
- At least one of the following Certification(s): OSCP/OSWP/OSCE/OSEE/OSWE/OSEP/CEH and CISSP/CISM
- 3+ years of ‘fingers on keyboard’ experience in Penetration testing and vulnerability assessment
- 3+ years of server, application, and network security hardening experience (e.g. design, recommend and implement security hardening technical controls)
- 3+ years in Information Technology Infrastructure
- 1+ years of experience working in a public cloud environment (e.g. AWS, GCP or Azure)
- Ability to manually conduct a penetration test
- Proficient in coding in one or more languages (e.g. Python, Bash, Java, C++, PowerShell…)
- Overall knowledge of the Software Development Life Cycle
- Willingness to travel up to 20%