Quantam Solutions provides IT solutions and consulting for our clients. We offer a competitive hourly wage, health benefits, paid time off, and a 401(k) plan. We're currently seeking a Penetration Tester.
JOB DESCRIPTION:
We are currently seeking a skilled Information Security Penetration Tester to join our client's proactive security team. This role will focus on advanced web application testing, infrastructure assessments, vulnerability scanning, and manual testing assignments, all aiming to strengthen our cybersecurity posture against evolving threats.
RESPONSIBILITIES:
Penetration Testing & Vulnerability Assessment: Conduct hands-on penetration testing and vulnerability assessment across various environments, including web and mobile applications, networks, cloud infrastructure, IoT, and other emerging technologies.
Advanced Security Analysis: Perform in-depth analyses, utilizing threat intelligence and real-world attack techniques, to uncover vulnerabilities and misconfigurations in complex systems.
Metrics Development & Risk Reporting: Develop and track meaningful security metrics to communicate the organization's security posture and enable risk-based decision-making.
Threat-based Reporting: Create and deliver actionable, threat-based reports that outline security testing results and prioritize recommendations based on potential impact.
Team Mentorship & Development: Mentor and coach junior security staff, sharing best practices, new techniques, and industry knowledge to aid their growth.
Stakeholder Consulting: Collaborate with developers, system administrators, and management to demonstrate security findings, articulate associated risks, and guide remediation efforts for optimal security outcomes.
Communication Across Levels: Effectively communicate technical security findings to various stakeholders, including technical teams, executives, vendors, and regulatory bodies, ensuring an understanding of risks and impact.
Relationship Building: Foster partnerships with critical business units and stakeholders to promote a security culture and support the implementation of security controls.
Compliance: Through thorough testing and reporting, ensure compliance with relevant security standards and regulations (e.g., PCI-DSS, HIPAA, GDPR).
Training and Awareness: Conduct security training sessions and workshops to educate employees about security best practices.
SKILLS/QUALIFICATIONS:
Education: Bachelor's degree in computer science, Information Security, or related field. Relevant certifications are highly desirable.
Experience: Minimum of 3 years of experience in information security, focusing on penetration testing and vulnerability assessment.
Technical Expertise: Proficient in one or more programming/scripting languages such as Python, JavaScript, C#, Ruby, or PowerShell, with solid knowledge of secure coding practices.
Frameworks & Methodologies: Hands-on experience with security testing frameworks and standards (e.g., PTES, OWASP) and familiarity with MITRE ATT&CK framework.
Cloud & DevOps Proficiency: Solid understanding of Windows, Linux, and Mac OS, hands-on experience in cloud environments (AWS, Azure, GCP), and familiarity with DevOps pipelines and container security (Docker, Kubernetes).
Critical Thinking & Problem Solving: Demonstrates a high level of critical thinking and problem-solving skills to navigate complex environments and devise innovative solutions.
Organizational Skills: Strong organizational, time-management, and documentation skills, with the ability to manage multiple tasks and deadlines effectively.
Certifications: OSCP, OSCE, OSWE, or OSEP are preferred but not required. Knowledge of or certification in cloud security (e.g., CCSK, AWS Certified Security) is a plus.
Continuous Learning: Stays current on the latest trends in cybersecurity, penetration testing, and threat landscapes, with a commitment to ongoing learning and professional development.