Match score not available

PENETRATION TESTER (Remote)

Remote: 
Full Remote
Contract: 
Experience: 
Mid-level (2-5 years)
Work from: 
Maryland (USA), United States

Offer summary

Qualifications:

Bachelor's degree or equivalent experience, 3 years IT industry experience, Strong knowledge of NIST standards, Penetration Testing Certification required, Experience with AWS, Azure, Google Cloud.

Key responsabilities:

  • Execute testing procedures based on NIST SP 800-53A
  • Conduct vulnerability testing across multiple environments
  • Perform Social Engineering campaigns
  • Develop Penetration Test Plans and client reports
  • Author recommendations to enhance security postures
Emagine IT, Inc. logo
Emagine IT, Inc. SME https://www.eit2.com
51 - 200 Employees
See more Emagine IT, Inc. offers

Job description

Emagine IT has an immediate need for a Penetration Tester to join our team in support of our Commercial Services Team located remote.

In this role, you will facilitate Penetration Tests, Threat Hunting exercises and possibly other advanced-level Continuous Monitoring Activities within cloud-based environments. To succeed in this position, you will need a strong understanding of security-related system controls and an understanding of the various testing methods utilized to ascertain the effectiveness of those controls. You will work in a team atmosphere with an experienced Sr. Consultant Project Lead, and you will be assigned technical sections and provide client-ready deliverables.

In this role, you will:

    Execute testing procedures in accordance with NIST SP 800-53A Revision 4 

    Test for vulnerabilities, validate exploitable vulnerabilities within network, cloud, web and mobile environments

    Perform Social Engineering campaigns, including email phishing, spear phishing, phone pre-text calling – Including but not limited to creation of landing pages, creation of embedded executable payloads   

    Develop Rules of Engagement, Penetration Test Plans, Penetration Testing report, Power Point presentations for kick-off and closing of client engagements

    Author recommendations based on findings to improve security postures compliant with NIST controls

    Penetration Testing/Threat Hunting (75%); Advisory/Consulting (%25)

    Experience using:

o    Kali Linux

o    Social Engineering Toolkit

o    Burp Suite

o    Nessus

o    Metasploit Framework. 

o    Experience using the MITRE ATT&CK Framework

o    Good understanding of coding (Python, Ruby, etc.)

o    Understanding of SQL commands and testing

Expected Travel less than 25%


Required Qualifications:

    Bachelor’s degree (4-yr college or university) or equivalent combination of education and experience

    Minimum three (3) years of experience in IT industry with strong familiarity with NIST Special Publications (SP) 800-37 Revision 1, 800-53 Revision 4, and 800-53A Revision 1, PCI-DSS, SOX, HIPAA

    Strong written and verbal communication skills including the ability to explain technical matters to non-technical audiences

    Strong NIST experience (in order of preference): NIST SP 800-53, FedRAMP, RMF, FISMA, NIST SP 800-171

    Ability to independently lead small, less complex system assessments

    Ability to assist team members with proper artifact collection and detail to client’s examples of artifacts to satisfy assessment requirements

    At least one of the following certifications in order of preference: CISA, CISM, CRISC, CGEIT, CCSP, CISSP, and/or CAP certification 

    Must have a Penetration Testing Certification – order of preference: OCSP, GIAC-GPEN, LPT

    Second certification in order of preference to be obtained within 6 months or by conversion date: CISA, CISM, CRISC, CGEIT, CCSP, CISSP, or CAP

    Candidate must perform “CTF” style penetration test including presentation of findings prior to offer of employment

Additional Qualifications:

    Experience reviewing Nessus output

    Basic knowledge of networking components and various operating systems in a cloud environment, including UNIX and Microsoft

    Expertise in other Security Frameworks (ISO, NIST, COBIT, HIPAA/HITECH, etc.) and regulatory requirements

    Experience with Amazon Web Services, Microsoft Azure, Google Cloud etc.

    Project management experience or certification (PMP)

    Must be eligible for Secret Clearance or Public Trust

    This role cannot sponsor Visa candidates.


AAP/EEO Statement

Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.

Other Duties

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.

Emagine IT is an information technology consulting services company that specializes in delivering technology solutions. Our reputation reflects the high quality of the talented Emagine IT team and the consultants working in partnership with our customers. Our mission is to understand and meet the needs of both our customers and consultants by delivering quality, value-added solutions. Our solutions are designed and managed to not only reduce costs, but to improve business processes, accelerate response time, improve services to end users, and give our customers a competitive edge, now and into the future.


Required profile

Experience

Level of experience: Mid-level (2-5 years)
Spoken language(s):
English
Check out the description to know which languages are mandatory.

Other Skills

  • Teamwork
  • Verbal Communication Skills

Penetration Tester Related jobs