Job Description

The Senior Ethical Hacker / Penetration Tester will be working individually and in teams.  This individual will be performing penetration testing or vulnerability assessment of web application, network, wireless, code review and firewall on multi-protocol enterprise systems.  This resource must have technical acumen.  This resource will be a key figure in monthly software releases for the client, semiannual complete regression testing of the entire platform, as well as other testing needs that may be arise.

Duties and Responsibilities

• Independence: self-managed and motivated.  High energy, results driven person with strong interpersonal skills
• Team oriented
• Project Management: Takes responsibility for satisfaction of assigned project
• Effective at speaking and collaborating with others
• Effective at Technical writing and conducting vulnerability research
• Effective at scoping a client’s testing effort
• Good communicator to a technical audience.
• Good understanding QA Methodology
• Excellent communication skills and the ability to interface with more senior co-workers and leadership with confidence and clarity

Education and Training

• Bachelor’s Degree in Information Technology/Computer Science or 5 years IT experience
• Any of the following certifications: CISSP, GIAC, CEH certifications

Required Skills

• Strong web application penetration testing experience
• Experience in vulnerability identification and remediation
• Knowledge of the software development lifecycle in a large enterprise environment
• Programming background (C++, Perl, Python, Shell ) for tool and exploit development
• Operating Systems: Windows, Linux, HP-UX, Solaris, AIX, etc.
• Web Servers: IIS, Apache, Lotus Domino, Sun Java System, TC Server
• Middleware software: Oracle’s WebLogic, IBM’s WebSphere, Apache Tomcat
• In-depth knowledge of any proxying tools such as Paros, Burp, WebScarab, Achilles “fault injection”
• Experience with any of the following commercial application scanning tools: IBM’s AppScan, HP’s WebInspect, HP’s Fortify, NTOSpider, Cenzic’s Hailstorm
• Commercial database software like Application Security Inc.’s AppDetective
• Experience with any open source tools such as Whisker or Nikto
• WebServices technologies such as XML, SOAP, AJAX
• Networking tools such as Nessus, nmap, Retina netcat
• Understanding of various web application architectures
• Understanding of server and client side application development
• Physical and logical security audits
• Logical protocol and network traffic audits
• Client/Server exposure (i.e. Java, JSP, Servlet, Linux, UNIX, SQL).
• Mainframe exposure (i.e. COBOL, JCL, IDMS/ADSO, CICS).
• Database exposure (i.e. SQL Server, DB2).
• Automation Testing Tool / frameworks exposure

Desired Skills

• Experience with performing code review, wireless and firewall assessments
• Solid network penetration testing experience
• Technical knowledge in network security products, cryptographic suites and network/application firewalls
• Experience with mobile application and operating system testing
• Experience in evasion techniques to bypass firewalls and intrusion detection