Job Summary
The Senior Penetration Tester will be responsible for providing demonstrated impact to an organization's enterprise network through the practical exploitation of known and discovered network, system, and application vulnerabilities or misconfigurations. They will then be responsible for the careful and detailed documentation of findings and outcomes from their testing for reporting and presentation purposes. This role is responsible for providing results to audiences at all levels of an organization and must communicate those results effectively, both orally and in writing. They will be required to report both observed and confirmed issues that may result in the potential compromise of a client’s data confidentiality, integrity, and availability. This role must develop and communicate a carefully researched corrective action plan to remediate findings. The Penetration Tester must know industry-standard security testing tools and techniques and be able to deploy and use these tools while minimizing the impact on client operational capability. This role also requires the ability to mentor Level I Penetration Testers and work effectively in a small group environment, which includes being the primary company representative for projects assigned to Level I Penetration Testers.
Essential Job Functions
The following duties are normal for this position. The omission of specific statements of duties does not exclude them from being expected of this position if the work is similar, related, or a logical assignment for this position. Other duties may be required.
- Service delivery and execution of internal, external, wireless, and application penetration tests.
- Actively participate in or lead efforts to manage the Fortified Health Security Penetration Testing Service.
- Delivery of findings (formal report, notes, presentation, and appendices) to the client.
- Reporting of operational and strategic metrics for each project to team lead or department management.
- Maintain awareness of various network, system, and application threats, vulnerabilities, and exploits.
- Maintain existing certifications and pursue relevant industry or professional certifications.
- Knowledge of and familiarity with the use of penetration testing tools, e.g., Metasploit, Nmap, Burp Suite, Nessus, Cobalt Strike.
- Possess an understanding of various penetration testing and hacking methodologies such as OWASP, PTES, PTF, and NIST SP 800-115, and the application thereof.
- Maintain working knowledge of networking technologies and network functionality.
- Detect, identify, and exploit vulnerabilities across various operating systems, applications, and hardware in accordance with company operating procedures.
- Work effectively in a small team environment, communicating effectively and efficiently.
- Communicate effectively with the client base to outline appropriate penetration testing project scope.
- Orchestrate multiple penetration testing projects from start to finish.
- Accurately enter and submit time by required deadlines.
- Book travel in adherence to the company/client travel policy.
- Maintain documentation regarding customer interactions and detailed notes pertaining to actions taken during an assigned project.
- Maintain and update the Fortified Services Methodology and other department documentation.
- Maintain familiarity with Fortified Core Services and make appropriate recommendations to clients based on those offerings.
- Attend and participate in team and departmental meetings.
Knowledge & Skills
Education & Experience
- Bachelor's Degree in Computer Science, Management Information Systems, or other relevant combination of training and experience.
- 3+ years of proven work experience in an IT Security-related field.
- Team leadership/project management experience in an IT Security-related field.
- Hospital Operations or Healthcare IT experience a plus.
- Strong computer skills in Adobe and Microsoft Office applications (Project, Visio, Word, Excel, PowerPoint).
- Solid understanding of hardware and networking terminology and devices.
Special Skills & Knowledge
- Experience with network security, topology, networking technologies and an understanding of the OSI Model.
- Thorough understanding of the latest security principles, techniques, and protocols.
- Familiarity with generating and troubleshooting PowerShell/Bash/Python scripts.
- Ability to work and communicate with clients, third party system vendors, and other departments in an effective, positive, and professional manner.
- Must possess a level of professionalism and diplomacy that will serve to build and maintain relationships throughout the course of the project and beyond.
- Excellent interpersonal skills that include the ability to effectively communicate verbally and in writing.
- Resourcefulness and ability to take the initiative in development and completion of work projects.
- Must possess proven problem-resolution and critical-thinking skills.
- Must be flexible and work with a high level of initiative.
- Ability to retain and protect confidential material.
- Ability to demonstrate supportive relationships with peers, clients, partners, and corporate executives.
Licenses, Certifications, etc.
- Relevant security certifications (e.g., CISSP, SSCP, OSCP, CEH, GSEC)
- Other desired technology certifications (e.g., RHCA, MCSE, CCNA)
Requirements
Supervisory Responsibility
Working Conditions & Travel Requirements
- Evening and weekend hours should be anticipated.
- Travel as needed.