HIRING NOW(Fulltime)::Penetration Tester(12+ exp)::Remote(No EST) at Remote, Remote, USA |
Email: [email protected] |
From: Sam, Adventa Tech Inc [email protected]
Reply to: [email protected]

Job Description -
Working Job Title: Penetration Tester
Location: Remote (Must be in PST, MST or CST time zones - no EST)
Role Type: 6 Month Contract to Hire GC/USC ONLY
Base: Market Rate for hourly
Client: Conversion Salary: $70k - $140k
Any Stock Options, Restricted Stock Options (RSU), 401k, Pension, Benefits **WILL ONLY APPLY AFTER CONVERSION
Benefits package is great; Grace sent to me and can be found under "Files" section in Bullhorn under Las Vegas Sands
Health, dental, vision, all covered
No out of pocket cost for healthcare - can use as selling points if salary is lower than they want, etc.
PPO through UHC

Original Notes from Last Placements:
- Candidates MUST be willing and able to convert after 6 month contract period
- Need to really confirm they are okay with conversion salary / bonus listed prior to submitting
- Experience with Application development and hardware, mobile is a plus
- They need a RED team player
- Certification highly preferred OSCP, OSWE, GWAPT

Essential Duties & Responsibilities:
- Assist in developing a comprehensive security program to support various Software Development Lifecycles (SDLCs) and ensure that such developed software is free of security vulnerabilities.
- Conducting and leading comprehensive penetration tests on client networks, systems, and applications.
- Identifying security vulnerabilities, misconfigurations, and weaknesses in target environments.
- Utilizing automated scanning tools and manual testing techniques to exploit vulnerabilities.
- Documenting findings, methodologies, and recommendations in clear and concise reports for clients.
- Evaluate SDLCs and advise on applicable application security technologies and integration points.
- Implement application security technologies with SDLCs, including integration of technology, workflows, documentation, training, and other functions necessary to enable stakeholder success.
- Support developer teams in managing day to day cyber security processes pertaining to development of software.
- Provide technical guidance to developers as it relates to cybersecurity.
- Ensure the reliable operation of application security technologies that support program objectives.
- Work with quality assurance teams to ensure that software is sufficiently analyzed by application security technologies and processes.
- Work with software development teams to help prioritize and validate urgency of mitigation of identified product vulnerabilities and security feature enhancement requests.
- Perform code analysis of large applications, manually and using SAST and DAST scanning solutions as well as conducting vulnerability analysis.
- Provide remediation guidance and recommendations to developers and administrators.
- Support development of incident response exercises to support development of approaches to respond to use case driven alerts and incidents.
- Perform security configuration reviews of our products to ensure that they are in alignment with company established best practices.
- Maintaining ethical standards and confidentiality while conducting penetration testing activities.

Minimum Qualifications:
- Must be able to obtain and maintain a Nevada Gaming Control Board Registration and any other certification or license, as required by law or policy.
- Any of the following combinations of education, professional experience, or both:
  - At least 6 years of experience in a relevant DevSecOps role and technical degree in computer / information science; or
  - At least 6 years of related field work experience in Penetration Testing and / or Cloud Security, at least 2 years of which in a software development role, and at least 2 years of which in a cyber security role and technical degree in computer / information science; or
  - At least 10 years of relevant field experience in Penetration Testing and / or Cloud Security, at least 2 years of which in a software development role, and at least 2 years of which in a cyber security role.
- A strong understanding of cybersecurity fundamentals relating to software development.
- Experience developing software utilizing at least two of the following coding languages: C#, GoLang, .NET, NodeJS, Java, C++, PHP, Python, or others.
- Proven experience in conducting penetration tests and security assessments across a variety of environments.
- Advanced proficiency with penetration testing tools such as Metasploit, Nmap, Burp Suite, and Wireshark.
- Relevant certifications such as Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), or GIAC Penetration Tester (GPEN) are required (at least one).
- Demonstrated experience working with technical and non-technical staff.
- Strong collaboration and communication skills.
- Basic knowledge of a broad range of IT Security, Controls and Service Delivery standards and frameworks, for example: International Standards Organization (ISO) 27001, IT Infrastructure Library (ITIL), Control Objectives for IT (CoBIT)
- Experience with CSP infrastructure, such as that on Amazon Web Services (AWS), Google Cloud Platform (GCP), or Microsoft Azure Cloud
- Experience with at least three of the following technology spaces (more is preferred): SAST, SCA, DAST, IAST, Fuzz Testing, ASPM, Threat Modeling, and similar.
- Experience validating software development processes meet cybersecurity requirements.
- Experience analyzing code for weaknesses and errors and overseeing plans to improve code.
- Safety, consistency in schedule, and regular attendance are essential functions of this job.
- Provide off-hours support on an infrequent, but as needed basis. (Potential shifts may run 24/7 due to the need of the business).
- On an infrequent, but as needed basis, must be able to work varied shifts, including nights, weekends, and holidays.
- Willingness to perform other related duties as assigned.

Additional Experience Preferred:
- Professional certification in both cybersecurity and software development preferred.
- Experience as an application or product security engineer.
- Experience in software development of enterprise applications.
- Experience in a technical consulting/professional services role, preferably in cyber security, or software development.
- Proficiency with multiple front-end, back-end, and scripting programming languages and demonstrated ability to become proficient with new programming languages and technologies.
- Strong familiarity with common vulnerabilities and attack vectors.
- Knowledge of web service technologies, load balancer services (i.e. Nginx, Cloudflare, F5, etc.) and RESTful APIs.
- Knowledge of ubiquitous encryption technologies (PGP, SSH, SSL, etc.) and common authentication protocols (OpenID Connect, OAUTH, SAML, RADIUS, LDAP, KERBEROS, etc.).
- Solid understanding of secure network and system design in both cloud (AWS, Azure, etc.) and conventional environments. |
Wed Jul 31 22:29:00 UTC 2024 |