Penetration Tester - Remote

• Job Type:Contract

Posted 15 days ago

:

• Engage with the community to promote a positive experience for the researchers
• Facilitate mitigation on critical bugs
• Cultivate report metadata to ensure accuracy of metrics reporting
• Perform vulnerability scan, analysis, validation and remediation activities.
• Leverage Jira to track project efforts
• Build relationships between Security and Product teams
• Provide subject matter expertise on encryption, security controls, and secure programming practices across client
• Create ad-hoc metric requests and documentation
• Research and assess new threats, vulnerability security trends and security alerts, recommend remedial action.
• Collaborate with product teams to review and process external reports
• Perform technical and non-technical compliance activities.
• Provide guidance on effective vulnerability countermeasures
• Validate vulnerabilities discovered through code analysis.
• The Analyst will perform technical security activities including the following:
• Classify and prioritize the risk of new vulnerabilities according to the specifics of client environment's risk level, mitigating factors, and assessment of the impacts of internal and external threats.
• Identify opportunities to improve / add capabilities to the existing BB Program
• Test security bug fixes from product teams
• Perform security validation for configuration settings on different systems.
• Perform network and application penetration testing.
• Foster and maintain positive relationships between researchers and client
• Establish credibility as a trusted resource to stakeholders, colleagues, and customers across client
• Work with customers to oversee remediation of identified security issues.
• Contribute to security policy, standards, and guidelines related to Bug Bounty
• Assess incoming Bug Bounty submissions and reproduce reports to confirm validity

Min Qualifications:

• Understanding of CVSS base score methodology
• Windows and OSX), patching and attack patterns.
• Genuine interest in ethical hacking, penetration testing, or other areas of offensive security as a career path
• Fluent in a variety of web application protocols, operating systems and networking technologies.
• Intermediate understanding of OWASP Top 10 vulnerabilities such as XSS, XSRF, SQL Injection, Cookie Manipulation among others.
• Positive and eager energy; motivated to gain a vast variety of knowledge
• Able to work in a constantly collaborative environment
• 2 years of experience either in Web application testing, Penetration Testing or Bug-Bounty.
• Experience with parsing / analysis of large data sets (e.g. vulnerability scan results).
• Good written and verbal communication skills.
• Thoroughness in quality of work
• Able to work after hours frequently to address critical bugs
• Solid organizational skills and strong customer service skills.
• Intermediate scripting, system administration or software engineering background (e.g. Python, Ruby, Javascript, Perl, or Java).
• Strong analytical, problem solving and engineering skills.
• Strong understanding of common network vulnerabilities, OS vulnerabilities (Linux,
• Punctual and responsive

Desired Qualifications:

• Experience with Kali Linux via VirtualBox, BurpSuite, Splunk, Jira, Mac OS, Linux
• History of participating in Bug Bounty programs or CTFs
• Offensive Security Certified Professional (OSCP)
• Track record of identifying and successfully submitting Bug-Bounty findings

About ASK: ASK Consulting is an award-winning technology and professional services recruiting firm servicing Fortune 500 organizations nationally. With 5 nationwide offices, two global delivery centers, and employees in 42 states-ASK Consulting connects people with amazing opportunities

ASK Consulting is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all associates.