It - Information Security Analyst

We seek a candidate who has the technical expertise and good interpersonal skills to work closely with other teams such as infrastructure, cloud, external contractors, field-level IT resources, and risk management teams.

As a Cyber Security Penetration Tester, your responsibilities will include scheduling and performing penetration tests, assisting developers with remediating vulnerabilities discovered from security assessments, triaging findings that are disclosed through the client Bug Bounty Program (BBP), and developing internal tooling for supporting the client penetration testing program. You will primarily be performing application-type penetration tests, however, performing network-type and IoT-type penetration tests will be in scope as well.

Responsibilities:

• Schedule and perform penetration tests for a wide variety of client assets

• Manage penetration testing projects that are performed by third-party security vendors

• Perform threat emulation using known attacker Tactics, Techniques, and Procedures (TTPs)

• Triage security vulnerabilities that are disclosed through the client BBP

• Assist with the development of internal tooling to benefit the penetration testing program

What are we looking for?

To be a success in this role will demonstrate itself through the following attributes and skills:

•Demonstrated hands-on experience with penetration testing tooling, such as Burp Suite Professional or Metasploit, including usage of relevant plugins (where applicable).

•Experience with conducting reverse engineering on mobile applications, including using emulation solutions for conducting assessments.

•Experience with using, administering, and troubleshooting different Linux versions and Windows environments.

•Experience with scripting and editing existing code and programming, such as Python, Bash, C/C++, C#, JavaScript and/or Java.

•A tenacious, inquisitive mindset for discovering security issues.

•Ability to learn quickly and evolve with the rapidly changing threat landscape.

•Deep understanding of common web application security issues, such as Cross-Site Scripting (XSS) and Server-Side Request Forgery (SSRF).

•Strong technical writing skills for drafting penetration testing reports.

•Good interpersonal, verbal, and written communication skills to successfully interact with clients.

To fulfill this role successfully, you should demonstrate the following minimum qualifications:

• At least five (5) years of experience in Technology or a related field

• At least one (1) year of hands-on application penetration testing experience

It would be helpful in this position for you to demonstrate the following capabilities and distinctions:

• Experience programming in one or more of the following languages: Python, C#, JavaScript, TypeScript

• Familiarity with one or more of the following technologies: Node.js, React, Express, GraphQL, IIS,ASP.NET, Flask, Active Directory (AD)

• Understanding of fundamental networking-related concepts, such as the OSI model, subnetting, etc.

• Relevant cybersecurity certifications (e.g., OSCP, CEH)

• Bachelor’s Degree, or associate degree plus six (6+) years of Technology related experience, or High School Degree/GED plus twelve (12) years of Technology related experience

• Prior security experience in a Fortune 500 or Hospitality environment