We are currently seeking a Penetration Testing Manager to join our Risk Advisory Services group.
Summary of Responsibilities
Responsible for executing consistent, high-quality vulnerability assessment and penetration testing engagements. This position works with client companies to identify and exploit vulnerabilities and to communicate results, including the path to compromise, in sufficient detail for both internal and external stakeholders, technical and non-technical alike. The majority of time will be spent on client engagements across various verticals and will require significant client contact and responsibility for the preparation of deliverables and materials. Solid writing, analysis (qualitative and quantitative), communication, and technical research skills are a must.
Essential Functions
- Execute consistent, high-quality network and web application penetration testing engagements; the role may also involve exposure to SOC 1 or 2, PCI, HITRUST, and ISO 27001 engagements.
- Ability to use a variety of tools and manual testing techniques to make real-world attempts at compromising systems, applications, and mobile devices, in order to gain access to, disrupt, or exploit system services.
- Ability to understand a wide range of IT systems and their underlying technologies, including web applications, web services (APIs), mobile applications, and cloud environments (AWS, Azure, Rackspace, Google, etc.).
- Ability to perform physical security and wireless access penetration testing.
- Identify risks and threats throughout clients' in-scope environments, generate proofs of concept for security vulnerabilities, determine their level of risk to the enterprise, and effectively communicate the results and remediation guidance to both technical and non-technical client personnel.
- Verify the security findings from other members of the penetration testing team.
- Actively participate in team problem solving efforts to solve client issues.
- Meet deliverables of engagement as outlined in client proposal.
- Interact with client, consultants, and office team to exceed expectations and mitigate project risk.
- Proactively seek new training to enhance technical skills and professional proficiency (research new threats, attack vectors, and risks).
- Train new staff on tools and processes, and assist with the development of internal training materials.
- Willingness to work during non-business hours (night-time, weekends, as-needed based on client requirements) on a regular basis.
Education & Experience Required
- GPEN, GWAPT, CEH, CISSP, CISA, CIA, CISM, or equivalent technical certifications preferred but not required
- Bachelor’s degree in one of the following is preferred: Computer Science, Information Systems (MIS/DIS), Network Security, Cyber Security
- 3+ years of direct experience performing network, web application, mobile application, and/or wireless penetration testing
- Experience using Kali Linux, Netsparker, Burp Suite, Core Impact, Metasploit, Wireshark, etc.
- Knowledge of SOC 1/2, COBIT/COSO, ISO 27001, PCI, HIPAA/HITRUST
- Knowledge of security with Linux/Unix, Windows, MySQL/MSSQL, AWS/Azure cloud, VMware, firewalls
- Knowledge of OWASP requirements and ability to execute projects in accordance with the methodology
- Strong understanding and experience with information technology general controls
- 30% travel required