MOI-Telephonic followed by Skype
Job Description
The Senior Ethical Hacker / Penetration Tester will work individually and in teams. This individual will perform penetration testing or vulnerability assessment of web applications, networks, wireless, code review and firewalls on multi-protocol enterprise systems. This resource must have technical acumen. This resource will be a key figure in monthly software releases for the client, semiannual complete regression testing of the entire platform, as well as other testing needs that may arise.
Duties and Responsibilities
- Independence: self-managed and motivated. High energy, results driven person with strong interpersonal skills
- Team oriented
- Project Management: Takes responsibility for satisfaction of assigned project
- Effective at speaking and collaborating with others
- Effective at technical writing and conducting vulnerability research
- Effective at scoping a client’s testing effort
- Good communicator to a technical audience.
- Good understanding of QA methodology
- Excellent communication skills and the ability to interface with more senior co-workers and leadership with confidence and clarity
Education and Training
- Bachelor’s Degree in Information Technology/Computer Science or 5 years IT experience
- Any of the following certifications: CISSP, GIAC, CEH
Required Skills
- Strong web application penetration testing experience
- Experience in vulnerability identification and remediation
- Knowledge of the software development lifecycle in a large enterprise environment
- Programming background (C++, Perl, Python, Shell) for tool and exploit development
- Operating Systems: Windows, Linux, HP-UX, Solaris, AIX, etc.
- Web Servers: IIS, Apache, Lotus Domino, Sun Java System, TC Server
- Middleware software: Oracle’s WebLogic, IBM’s WebSphere, Apache Tomcat
- In-depth knowledge of any proxying tools such as Paros, Burp, WebScarab, Achilles “fault injection”
- Experience with any of the following commercial application scanning tools: IBM’s AppScan, HP’s WebInspect, HP’s Fortify, NTOSpider, Cenzic’s Hailstorm
- Commercial database software like Application Security Inc.’s AppDetective
- Experience with any open source tools such as Whisker or Nikto
- WebServices technologies such as XML, SOAP, AJAX
- Networking tools such as Nessus, nmap, Retina, netcat
- Understanding of various web application architectures
- Understanding of server and client side application development
- Physical and logical security audits
- Logical protocol and network traffic audits
- Client/Server exposure (i.e. Java, JSP, Servlet, Linux, UNIX, SQL).
- Mainframe exposure (i.e. COBOL, JCL, IDMS/ADSO, CICS).
- Database exposure (i.e. SQL Server, DB2).
- Automation Testing Tool / frameworks exposure
Desired Skills
- Experience with performing code review, wireless and firewall assessments
- Solid network penetration testing experience
- Technical knowledge in network security products, cryptographic suites and network/application firewalls
- Experience with mobile application and operating system testing
- Experience in evasion techniques to bypass firewalls and intrusion detection