Senior Penetration Tester

Align Technology
Summary
Join A-LIGN's dedicated penetration testing team as a Senior Penetration Tester and contribute to enhancing the security of our clients' systems and data across various industries. This role demands experience in penetration testing and a passion for identifying vulnerabilities before threat actors exploit them. You will execute internal, external, wireless, mobile, API, and web application penetration tests, as well as social engineering tests. Responsibilities include compiling client reports and working collaboratively with the team. The ideal candidate possesses a strong background in penetration testing, relevant certifications, and proficiency in scripting languages. A-LIGN offers a comprehensive benefits package, including health insurance, retirement plan, paid time off, and professional development opportunities.
Requirements
- Master’s or Bachelor’s degree in cybersecurity, management information systems, computer science, or relevant discipline
- Two of the following penetration testing certifications required: GWAPT, CEPT, LPT, GPEN, CPT, GXPN, PenTest+, GAWN, GMOB, CRTOP
- Proficiency with scripting languages (Python, Bash, JavaScript, PowerShell)
- 5+ years of experience with penetration tests and vulnerability assessments, including internal, external, wireless, mobile, and web application testing
- You have an understanding of APIs, how they work, and how to test them
- You have used cloud service providers (CSPs) such as AWS, Azure, AliCloud, Google Cloud, Rackspace, and any internal associated components/controls
- You can perform social engineering campaigns including phishing, vishing, and physical
- You can re-image your own system when necessary, and navigate Kali Linux to conduct penetration tests, with only command line access as necessary
- You can create, modify, and write documents from the command line, and write Bash scripts to automate or facilitate tasks as necessary
- You can write professional reports with proper grammar, spelling, and punctuation, that need very little QA review
- You can communicate with clients, and understand if something needs to be escalated internally
- You are comfortable monitoring the metrics of a project, personal utilization, and constant improvement toward efficiency
- You are willing to expand your knowledge, obtain relevant certifications, and meet CPE requirements as necessary
- You are ready and willing to learn, and accept a new challenge
- You have three or more certifications such as CEH, OSCP, OSCE, GWAPT, GPEN, CEPT, LPT, CPT, GXPN, PenTest+, GAWN, GMOB, CRTOP
Responsibilities
- Execute internal, external, wireless, mobile, API and web application pen tests
- Execute social engineering tests, including phishing, vishing, and physical
- Execute vulnerability scans and assessments
- Compile and write client reports
Preferred Qualifications
- Knowledge of incident response/forensics/red-teaming or DevOps is a huge plus but not required
- Programming experience in one or more of the following languages: Ruby, Python, Perl, C, C++, Java, and C#
- Knowledge of network protocol design, or zero day exploitation
- You know about static code analysis and have used SCA tools
- You have soldered to a device to exploit it, or extract information from an embedded device
- You are an innovator: you feel something is missing and want to create it
- You want to work in IoT, embedded testing, or research niche threats and exploitation for the future
Benefits
- Employer Paid Health, Vision, Dental
- 401(k) Plan with Employer Matching
- Competitive Bonus Structure
- Employer Paid Life Insurance and Disability Insurance
- Generous Paid Time Off Plan
- Technology Allowance
- Vacation Bonus
- Paid Office Closure December 24-January 1
- Paid Holidays Schedule
- Certification Reimbursement