Senior Penetration Tester Consultant

AlignBulgaria - Remote2h ago

<h4>About the Role</h4> The Senior Penetration Tester works to test and improve the security of our clients’ systems and data across a wide range of industries. In this role, you will be responsible for the execution of all types of penetration tests, social engineering tests, and vulnerability scans, as well as compiling and writing client reports. As the Senior Penetration Tester, you will provide exceptional testing and high-quality deliverables to clients to help continued growth of our fast-paced company.  <h4>Reports to </h4> Managing Consultant   <h4>Pay Classification</h4> Full-Time <h4>Responsibilities</h4> <ul> <li data-leveltext="" data-font="Symbol" data-listid="7" data-aria-posinset="1" data-aria-level="1">Execute internal, external, wireless, and web application pen tests </li> <li data-leveltext="" data-font="Symbol" data-listid="7" data-aria-posinset="1" data-aria-level="1">Perform social engineering tests, including phishing, vishing, and physical </li> <li data-leveltext="" data-font="Symbol" data-listid="7" data-aria-posinset="1" data-aria-level="1">Complete vulnerability scans and assessments </li> <li data-leveltext="" data-font="Symbol" data-listid="7" data-aria-posinset="1" data-aria-level="1">Compile and write client reports </li> <li data-leveltext="" data-font="Symbol" data-listid="7" data-aria-posinset="1" data-aria-level="1">Reimage devices and virtual machines with Kali Linux</li> <li data-leveltext="" data-font="Symbol" data-listid="7" data-aria-posinset="1" data-aria-level="1">Create and write Bash scripts from the command line </li> <li data-leveltext="" data-font="Symbol" data-listid="7" data-aria-posinset="1" data-aria-level="1">Create, modify, move, and write files and documents from the command line only</li> </ul> <h4>Minimum Qualifications </h4> EDUCATION   <ul> <li>Master’s or Bachelor’s degree in cybersecurity, management information systems, computer science, or relevant discipline</li> </ul> EXPERIENCE   <ul> <li>At least 5 years of experience with penetration tests and vulnerability assessments; including internal, external, wireless, mobile, and web application testing</li> <li>Performed network and application pen tests</li> <li>Programming experience in one or more of the following languages: Ruby, Python, Perl, C, C++, Java, and C#</li> <li>Proficiency in working with both Windows and Linux operating systems</li> <li>Demonstrated ability to perform penetration testing from the network layer to the web application layer, culminating in the completion of a quality report</li> <li>Familiarity with major cloud CSPs such as AWS, Azure, AliCloud, Google Cloud, and Rackspace, including their associated internal components and controls</li> <li>Solid understanding of SOAP/REST/JSON web APIs and methodologies for testing them</li> <li>Working knowledge of standard security assessment tools (e.g., NMAP, metasploit, Scapy, Burp Suite, SSLStrip, Ettercap, Nessus, Nikto, AppScan)</li> <li>Involvement with CTF (Capture The Flag) and exploitation tools (HackTheBox profile preferred)</li> <li>Background in Security Operations, Incident Response, forensics, red-teaming, or DevOps preferred</li> </ul> CERTIFICATIONS  One of the following certifications required: <ul> <li>OSCP/eCPPT or other related penetration testing certifications</li> <li>eWPT or other applicable web app cert</li> </ul> Two of the following certifications required: <ul> <li>GWAPT, CEPT, LPT, GPEN, CPT, GXPN, PenTest+, GAWN, GMOB, CRTOP</li> </ul> SKILLS  <ul> <li>Background and understanding on networking, firewalls, and subnets</li> <li>Understanding of security best practices</li> <li>Thrives in a fast-paced environment</li> <li>Excellent communication skills </li> <li>Ability to work individually as well as collaboratively  </li> <li>A high degree of motivation</li> <li>A security focused mindset</li> <li>Proficiency with scripting languages (Python, Bash, JavaScript, PowerShell)</li> <li>Ability to create, modify, write documents from command line, and write Bash scripts to automate or facilitate tasks </li> </ul> <h4>Benefits</h4> <ul> <li>Healthcare, Dental, and Vision Benefits</li> <li>EAP - Employee Assistance Program</li> <li>Competitive Bonus Structure</li> <li>Home Office Reimbursement</li> <li>Technology Allowance</li> <li>Certification Reimbursement</li> <li>Public Transportation Card</li> <li>Multisport Card</li> <li>Personalized Career Coaching</li> <li>Generous Paid Time Off</li> <li>Paid Office Closure December 24-January</li> </ul> <h4>About A-LIGN </h4> A-LIGN is the leading provider of high-quality, efficient cybersecurity compliance programs. Combining experienced auditors and audit management technology, A-LIGN provides the widest breadth and depth of services including SOC 2, ISO 27001, HITRUST, FedRAMP, and PCI. A-LIGN is the number one issuer of SOC 2 and HITRUST and a top three FedRAMP assessor. To learn more, visit a-lign.com. <h4>Come Work for A-LIGN!</h4> Apply online today at A-LIGN.com and learn about life at A-LIGN by following us on <a id="OWA8c9cab88-7948-09cb-144e-405a41f998fa" class="OWAAutoLink" href="https://www.linkedin.com/company/a-lign/posts/?feedView=all" data-auth="NotApplicable">LinkedIn</a>.  A-LIGN is an Equal Opportunity Employer.  The personal data you provide to us is processed by A-LIGN Bulgaria. Your personal data is shared with employees of A-LIGN, and the candidate data retention period is 6 months. You have the right to obtain information about the processing of your personal data. In addition, you have the right to correct, to block, and to delete your data in accordance with the local laws and regulations. For more information you can visit <a href="https://www.a-lign.com/privacy-policy-job-ads">A-LIGN’s Job Ads Privacy Policy.</a>