Job Description

• At least three years of penetration testing experience, including Web Apps/APIs, Internal and external network infrastructure, Wireless Access Points, Cloud / SaaS environments, and Both Windows and Linux Server environments.
• Experience testing for regulatory requirements (PCI -DSS).
• Proficient in at least one programming language, such as Python, Ruby, Java, or C#,
• Proficient with standard web development languages, such as HTML, CSS, JavaScript, and PHP,
• Solid understanding of networking concepts, such as TCP/IP, DNS, HTTP, FTP, SMTP, and VPN.
• Well-versed in security principles, such as encryption, authentication, authorization, and access control.
• Experience with Technical writing, drafting testing reports, and presenting executive summaries
• Solid understanding of Cyber Risk Management concepts and functions, e.g. Risk assessment, Risk Mitigation, Threat analysis, Threat modeling, and Remediation Assessment.
• Experience working with a Risk Registry (Not required, but a Plus)
• Experience working in Incident Response. (Not required but a plus)
• Understanding of SCADA systems. (Not required but a plus)
• Experience working on a Red or Purple team (not required, but a plus!)

• Excellent communication skills, including the ability to explain technical concepts to a non-technical audience
• Excellent Organizational and time management skills.
• Desire to problem solve.
• Experience working in the Utility, Energy, or Financial sector

• Kali Linux Distro and associated tool (Metasploit, Wireshark, Nmap OWASP ZAP, John the Ripper, Aircracking, etc.)
• Burp Suite
• Nessus Pro
• Defect Dojo
• Probely (Not required, but a plus)
• Qualys (Not required, but a plus)