Penetration Tester (On-Site)
Location
Duluth, GA | United States
Job description
Responsibilities:
- Work with different product and IT infrastructure teams to comprehend the business and develop the knowledge required to perform job duties and responsibilities.
- Document and formally report testing initiatives, along with remediation recommendations and validation.
- Conduct tactical assessments that require expertise in social engineering, application security (web and mobile), physical methods, lateral movement, threat analysis, internal and external network architecture, and a wide array of commercial and bring-your-own (BYO) products.
- Conduct discovery and vulnerability assessment of enterprise-wide assets.
- Manage vulnerabilities across applications, endpoints, databases, networking devices, and mobile, cloud and third-party assets.
- Develop and maintain tools and scripts used in penetration-testing, vulnerability management, and red team processes.
- Communicate vulnerability results in a manner understood by technical and non-technical business units based on risk tolerance and threat to the business, and gain support through influential messaging.
- Work closely with the security operations center (SOC) to leverage intelligence sources, identify new threats in the wild and verify the organization's security posture against them.
- Liaise with the security engineering team to improve tool usage and workflow, as well as with the advanced threats and assessment team to mature monitoring and response capabilities.
- Regularly research and learn new TTPs using a variety of sources, and work with teammates to assess risk and implement and validate controls as necessary.
- Arrange and provide support to business units launching new technology applications and services to verify that new products/offerings are not at risk of compromise or information leakage.
- Occasionally attend and participate in change management policy discussions and meetings.
- Understand breach and attack simulation solutions and work with the team to validate controls effectiveness.
- Maintain and track third-party assets, their vulnerability state, remediation recommendations, overall security posture and potential threat to the business.
- Perform other duties as assigned.
Qualifications:
- At least 5-7+ years' experience in information security administration, offensive tactics, monitoring and IR.
- Proficient in scripting languages such as Python, PowerShell, Bash and Ruby.
- Competent with testing frameworks and tools such as Burp Suite, Metasploit, Cobalt Strike, Kali Linux, Nessus, PowerShell Empire and AutoSploit.
- Experience conducting penetration-testing/red team engagements as a consultant or within a previous role in a professional organization.
- Strong operating system knowledge across *nix, Windows, and Mac; proficient with networking protocols.
- Familiarity with defensive and monitoring technologies such as intrusion prevention/detection systems (IPS/IDS), security information and event management systems (SIEMs), firewalls, endpoint protection (EPP) and endpoint detection/response (EDR) tools, as well as user and entity behavior analytics (UEBA).
- Understanding of OWASP, the MITRE ATT&CK framework and the software development lifecycle (SDLC).
Experience:
- Bachelor's degree in computer science (preferred), information assurance, MIS or related field, or equivalent.
- 5-8 years of related experience required.
- Proven trustworthiness and history of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating well.
- Self-starter requiring minimal supervision.
- Excellence in communicating business risk and remediation requirements from assessments.
- Analytical and problem-solving mindset.
- Highly organized and efficient.
- Certifications: preferably one or more of the following: OSCP, OSCE, GPEN, GWAPT, CISSP.
PrismHR is a fast-paced SaaS company which provides customers with a cloud-based payroll process software application. PrismHR also provides professional services including system implementation consulting, custom configurations, and training. Lastly, via the Company’s Marketplace platform customers and end users access other human resources and employee benefits applications from PrismHR’s Marketplace Partners.
Diversity, Equity and Inclusion Program/Affirmative Action Plan:
We have transformed our company into an inclusive environment where individuals are valued for their talents and empowered to reach their fullest potential. At PrismHR, we strive to continually lead with our values and beliefs that enable our employees to develop their potential, bring their full self to work, and engage in a world of inclusion.
Ensuring an inclusive environment for our employees is an integral part of the PrismHR culture. We aren't just checking a box, we are truly committed to creating a workplace that celebrates the diversity of our employees and fosters a sense of belonging for everyone. This is essential to our success. We are dedicated to building a diverse, inclusive, and authentic workplace, so if you’re excited about our roles but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right candidate for these open roles or other open roles. We particularly encourage applicants from traditionally under-represented groups as we seek to increase the diversity of our workforce and provide fair opportunities for all.
As a proud Equal Opportunity and Affirmative Action Employer, PrismHR encourages talent from all backgrounds to join our team. Employment decisions are based on an individual’s qualifications as they relate to the job under consideration. The Company’s policy prohibits unlawful discrimination based on sex (which includes pregnancy, childbirth, breastfeeding, or related medical conditions, the actual sex of the individual, or the gender identity or gender expression), race, color, religion, including religious dress practices and religious grooming practices, sexual orientation, national origin, ancestry, citizenship, marital status, familial status, age, physical disability, mental disability, medical condition, genetic information, protected veteran or military status, or any other consideration made unlawful by federal, state or local laws, ordinances, or regulations.
The Company is committed to complying with all applicable laws providing equal employment opportunities. This commitment applies to all persons involved in the operations of the Company and prohibits unlawful discrimination by any employee of the Company, including supervisors and co-workers.
Privacy Policy: For information about how we collect and use your personal information, please see our privacy statement available at
PrismHR provides reasonable accommodation for qualified individuals with disabilities and disabled veterans in job application procedures. If you have any difficulty using our online system and you need a reasonable accommodation due to a disability, you may use the following alternative email address to contact us about your interest in employment at PrismHR: [email protected]. Please indicate in the subject line of your email that you are requesting accommodation. Only candidates being considered for a position who require an accommodation will receive a follow-up response.