| Company | MSU Federal Credit Union |
| Location | East Lansing, MI |
| Preferred GIAC Certifications | GIAC GPEN, GIAC GWAPT |
| Contact Name | Joe Winkler |
A day in the life of a Penetration Tester
Penetration Testers partner with the IT department to perform innovative security testing with the intent of increasing MSUFCU’s cybersecurity posture. The position will perform network pentests, web app pentests, mobile app pentests, adversary simulations, security product efficacy tests, phishing tests and other related penetration testing projects. They are passionate about their work and are encouraged to research, evaluate, and apply cutting-edge attack techniques to assess MSUFCU’s resilience to current cyberattacks. Qualified candidates will be proficient in communicating expert opinions, capable of lateral thinking, and competent in modifying tool(s) to accomplish testing objectives. This person works independently under general supervision with moderate latitude for initiative and independent judgment while maintaining all organizational and professional ethical standards.
* Perform network, web application, mobile application, and physical security reviews, social engineering tests, and other related red team penetration testing projects for the Credit Union within scheduled time frames.
* Identify, develop, and document security issues and recommendations using independent judgment concerning areas being reviewed. Responsible for communicating information, suggestions, and/or problems regarding project status and critical findings to Credit Union management.
* Responsible for organizing and systematically completing documentation to support the work performed.
* Follow industry best practice methodologies for penetration testing.
* Assist with the coordination and performance of all third-party penetration testing projects, regulatory examinations, and other external audits of information systems.
* Perform review and validation procedures for all findings noted by third-party testers related to network and web application security.
* Conduct pre-implementation and new technology reviews related to IT systems, software, and applications.
* Perform related work as assigned by the Chief Risk Officer.
* Assist in communicating the results of projects via written reports and oral presentations to management, the President/CEO, and the Board of Directors.
* Identify and evaluate the Credit Union’s risk areas and provide key input to the development of the annual penetration testing plan.
* Pursue professional development opportunities, including external and internal training and professional association memberships, and share information gained with Credit Union employees and management.
* Represent Risk Management on organizational project teams, at management meetings, and with external organizations.
* Perform other duties and assist other employees, as assigned.
What you can bring to MSUFCU:
* The position requires a bachelor’s degree, preferably in computer science, information systems, engineering, or a related discipline.
* GIAC GPEN, GIAC GWAPT, or pursuit of similar designation is strongly preferred.
* Network, web application, or mobile application penetration testing experience is strongly preferred.
* Experience in vulnerability identification and remediation is strongly preferred.
* Experience with commercial and open source penetration testing tools is strongly preferred.
* Experience in applying adversarial techniques (e.g. ATT&CK) is a plus.
* Understanding of CVSS, CVE, and other standards.
* Knowledge of management information systems terminology, concepts, and practices is required.
* Knowledge of industry program policies, procedures, regulations, and laws is required.
* Considerable skill in assessing the effectiveness of cybersecurity controls, identifying significant exposures, and developing appropriate recommendations to address exposures is required.
* Knowledge of information security control practices and frameworks (e.g., CIS CSC, ATT&CK, OWASP, PTES, NIST, etc.) is strongly preferred.
* Experience in discovering vulnerabilities through fuzzing or code review is a plus.
* History of contributing to the cybersecurity community (e.g., contributing to open source projects, presenting at a conference, volunteering or serving at a cybersecurity event, etc.) is a plus.
* Skill in conducting quality control reviews of work products.
* Considerable skill in planning and project management, and in maintaining composure under pressure while meeting multiple deadlines.
* Skill in negotiating issues and resolving problems.
* Considerable skill in effective verbal and written communications, including active listening skills and skill in presenting findings and recommendations.
* Ability to establish and maintain harmonious working relationships with co-workers, staff and external contacts, and to work effectively in a professional team environment.
* Ability to learn new operations quickly and work independently is a must.
Bachelor's or better in Computer Science or related field