As a Senior Penetration Test Engineer, you will play a pivotal role in identifying and mitigating security vulnerabilities within our systems, applications, and network infrastructure. Your expertise will be instrumental in ensuring our security measures are robust and effective against potential threats. This role requires a deep understanding of penetration testing methodologies and a strong background in security engineering.
Responsibilities:
- Penetration Testing: Conduct comprehensive penetration tests on systems, applications, and network infrastructure to identify security weaknesses. Develop and execute detailed test plans, analyze findings, and work with relevant teams to implement corrective actions.
- Security Stack Management: Oversee and optimize our security stack, including SIEM, EDR, NDR, VM, WAF, firewalls, email security, IAM, and more, ensuring alignment with security objectives and best practices.
- Vulnerability and Incident Management: Lead the vulnerability and incident management processes, prioritizing and addressing vulnerabilities identified during penetration testing to ensure compliance with security policies and standards.
- Project Leadership: Lead and manage penetration testing projects, ensuring timely and effective completion. Develop and prioritize security initiatives to enhance our penetration testing capabilities and overall security posture.
- Documentation and Reporting: Create comprehensive penetration testing reports, maintain documentation of testing methodologies and findings, and ensure security policies and procedures are kept current.
- Audits and Reviews: Conduct security audits and reviews, providing metrics and diagrams to support compliance efforts. Perform regular penetration testing assessments and audits.
- Security Education and Awareness: Contribute to the development of internal security testing and monitoring processes, educating stakeholders on evolving security technologies and penetration testing best practices.
- Risk Assessment and Mitigation: Collaborate with IT and other departments to assess and address security risks, utilizing penetration testing results to drive proactive risk management efforts.
- Continuous Learning: Stay abreast of emerging IT security technologies and trends, with a particular focus on advancements in penetration testing tools and methodologies. Share knowledge and insights with the team to drive innovation.
- Compliance Support: Collaborate with internal compliance teams to address compliance mandates through policy development and process improvement, ensuring penetration testing practices align with regulatory requirements.
- On-call Support: Participate in 24/7 on-call duties to support essential business clients and respond to emergencies.
Qualifications:
- Education: Bachelor’s Degree in Computer Science, Information Security, or a related field, or equivalent related experience.
- Experience: 5+ years of software engineering experience, ideally with a background in Python, though we are also open to other open-source languages.
- Experience designing and implementing SOAP, REST, and APIs.
- Experience with Docker, K8s, Terraform, and the DevOps/IaC ecosystem.
- Technical Knowledge: Proficiency in security engineering, penetration testing methodologies, computer and network security, authentication, security protocols, and applied cryptography.
- AWS Experience: Experience with AWS is a significant plus.
- Certification: Relevant certifications such as CISSP, OSCP, or CEH are highly desirable.