Senior Penetration Tester
Your Opportunity Our Red Team is looking for a Senior Specialist Penetration Tester to support our growing team. You should have a deep understanding of networking, applications, operating systems, development, manipulation, review and exploitation of malware. This position requires someone that can think differently and enjoys breaking into networks.
What you're good at
- Conduct network, application and mobile penetration tests.
- Source code reviews, threat analysis, wireless network assessments, and social-engineering assessments.
- These assessments involve manual testing, analysis, and exploitation as well as the use of automated vulnerability scanning/testing tools such as Nmap, Qualys, Metasploit / Metasploit Pro, Core Impact, Kali and Burp Suite Professional.
- Development skills (e.g., Python, Ruby, Java, JS, etc.).
- Expertise in common application security tools (fuzzers, proxies, code analysis tools, etc.)
- Develop test plans, manage tests/projects and communicate report findings.
- Assist with scoping engagements and leading engagements from kickoff through remediation.
- Coordinate test findings with applicable technology, information security, and business groups.
- Perform validation testing of security vulnerabilities that have been remediated and evidence the results for closure.
- Assist in conducting information security risk assessments.
- Work closely with the Information Security Risk Management, the business, and technology groups.
- Maintain ongoing proficiency in network and application exploitation, tools, techniques, countermeasures, and trends in computer network vulnerabilities, network security and encryption.
- Become passionate about keeping Schwabs's customers safe.
What you have
- 6+ years of experience in information security.
- 5+ years of penetration testing experience preferably with a consulting firm.
- Knowledge of the tools, tactics procedures and counter measures.
- Experience conducting penetration tests, running web application testing tools, performing manual testing and source code review using tools, validating test results, identifying root cause, analyzing vulnerabilities and helping develop platform specific remediation plans.
- Experience in security testing with in-depth knowledge of security fundamentals and exploit techniques.
- One or more of the following security certifications preferred: GIAC Penetration Tester GPEN, GXPN Offensive Security Certified Professional or similar security certification(s).
- BS in Computer Science or equivalent degree/experience desired.
Back to top