Information Security Penetration Tester at TCI Technology Consulting Inc in Lexington, Kentucky

Posted in Other about 20 hours ago.

Type: full-time





Job Description:

TCI has an immediate need for an Information Security Penetration Tester. This is not a C2C opportunity. This is a long-term contract opportunity with probable extensions. Remote work available for candidates residing in Kentucky only.

Note: This position requires US Citizenship.

SUMMARY

The Information Security Penetration Tester will join our proactive security team and will focus on advanced web application testing, infrastructure assessments, vulnerability scanning, and manual testing assignments, all aiming to strengthen our cybersecurity posture against evolving threats.

RESPONSIBILITIES

  • Penetration Testing & Vulnerability Assessment: Conduct hands-on penetration testing and vulnerability assessment across various environments, including web and mobile applications, networks, cloud infrastructure, IoT, and other emerging technologies.
  • Advanced Security Analysis: Perform in-depth analyses, utilizing threat intelligence and real-world attack techniques, to uncover vulnerabilities and misconfigurations in complex systems.
  • Metrics Development & Risk Reporting: Develop and track meaningful security metrics to communicate the organization's security posture and enable risk-based decision-making.
  • Threat-based Reporting: Create and deliver actionable, threat-based reports that outline security testing results and prioritize recommendations based on potential impact.
  • Team Mentorship & Development: Mentor and coach junior security staff, sharing best practices, new techniques, and industry knowledge to aid their growth.
  • Stakeholder Consulting: Collaborate with developers, system administrators, and management to demonstrate security findings, articulate associated risks, and guide remediation efforts for optimal security outcomes.
  • Communication Across Levels: Effectively communicate technical security findings to various stakeholders, including technical teams, executives, vendors, and regulatory bodies, ensuring an understanding of risks and impact.
  • Relationship Building: Foster partnerships with critical business units and stakeholders to promote a security culture and support the implementation of security controls.
  • Compliance: Through thorough testing and reporting, ensure compliance with relevant security standards and regulations (e.g., PCI-DSS, HIPAA, GDPR).
  • Training and Awareness: Conduct security training sessions and workshops to educate employees about security best practices.

REQUIREMENTS

  • Bachelor's degree in Computer Science, Information Security, or a related field.
  • Relevant certifications (e.g., CEH, OSCP, CISSP) are highly desirable.
  • Minimum of 3 years of experience in information security, focusing on penetration testing and vulnerability assessment.
  • Proficient in one or more programming/scripting languages such as Python, JavaScript, C#, Ruby, or PowerShell, with solid knowledge of secure coding practices.
  • Hands-on experience with security testing frameworks and standards (e.g., PTES, OWASP) and familiarity with the MITRE ATT&CK framework.
  • Solid understanding of Windows, Linux, and Mac OS, hands-on experience in cloud environments (AWS, Azure, GCP), and familiarity with DevOps pipelines and container security (Docker, Kubernetes).
  • Certifications: OSCP, OSCE, OSWE, or OSEP are preferred but not required. Knowledge of or certification in cloud security (e.g., CCSK, AWS Certified Security) is a plus.
