Penetration Tester

Job Description
A Penetration Tester with deep technical expertise in the processes, procedures, tools and methodology for assessing IT Security risk. The role requires an individual who can independently visualize the network topology from information provided, prepare tests, conduct hacker simulations and demonstrate the likelihood of data compromise via 'proof of concept exploitation' of a given vulnerability. Further to the tests, to be able to clearly describe the problem, the concerns and provide recommendations to fix.

Required Technical and Professional Expertise

  • Minimum of 3 preferably 5 years of "hands on" Penetration Testing Experience with operating systems, web applications and network infrastructure.2.
  • Minimum of 3 preferably 5 years experience with using Penetration Testing Tools. e.g. NMap, Nessus, Metasploit, WireShark, Kismet, Webscarab, BurpSuite, Nikto, Tcpdump, IBM AppScan. 4.
  • Required certification: OSCP or equivalent
  • Administrator level knowledge of Server Operating Systems specifically Unix and Windows8.
  • Intricate technical knowledge of TCP/IP Networking/Routing, Intranet / Internet Architectures and Segregation Technologies/VLANs, Firewalls, Intrusion Detection, Intrusion Prevention, SQL Databases, Web Servers.
  • Programming ability to create, read and modify exploit code to achieve system penetration. C, C++, Java, C#, scripting knowledge is an asset.
  • Ability to document and present the penetration testing results including recommendations to fix.


Preferred Tech and Prof Experience

  • None


EO Statement
IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.


Back to top