SANS ISC: InfoSec Jobs


Security Engineer - Pen Tester
Company: Stroz Friedberg, an Aon company
Location: Multiple Locations
Preferred GIAC Certifications: GPEN, GWAPT, GCIH, GXPN, GAWN, GMOB, GPYC, GSEC, GCIA, GISF, GCED, GCWN, GPPA, GCCC, GCUX, GCDA
Travel: 30%
Salary: Not provided
URL: https://www.strozfriedberg.com/careers/employment-listings/?p=job%2FoEo46fwW
Contact Name: Robyn Brooks
Contact Email: rbrooks/at/strozfriedberg.com
Expires: 2018-06-06

Job Description

Security Engineer - Pen Tester
Multiple Locations (US)

The Proactive Security Testing practice, formerly Gotham Digital Science, is looking for smart, energetic and motivated individuals to add to its New York City and Charlotte, NC teams. As a Consultant you will be performing the following services:

-Web and mobile application penetration testing.
-Application source code review.
-Network penetration testing (external & internal), to include vulnerability exploitation and pivoting to gain remote system access.
-Documenting technical issues identified during security assessments.
-Secure Development Lifecycle consultancy and advisory.
-Vulnerability research and exploit development.

The Proactive Security Testing team provides a challenging and exciting work environment that offers a healthy combination of autonomy and senior-level support. Our team publishes books and security blogs, contributes to open source software projects, and is engaged in a variety of continuous security research projects. If you enjoy performing deep technical work in a fun and casual atmosphere, contact us to find out more about joining our team.

The following are expected from potential applicants:

-2+ years of experience with penetration testing against web and mobile application layer platforms, above and beyond running automated tools.
-1-2 years of experience with network/infrastructure penetration testing.
-Development and/or source code review experience in C/C++, C#, VB.NET, ASP, PHP, Ruby or Java.
-Familiarity with application layer assessment tools, such as local proxies and fuzzers.
-Familiarity with threat modeling and security design review methodologies.
-A good understanding of Unix, Windows and network security.
-Ability to work both independently and perform as a leader in a team environment.
-Ability to work remotely as part of a distributed team and travel to client sites when required.
-Excellent communication skills in English (both written and oral); able to concisely communicate security risks to both technical and business audiences.


The following skills are not required from applicants but would be considered a plus:

-Degree in Computer Science, Information Systems, Engineering or related major.
-Experience working as part of an enterprise development team.
-Experience developing custom scripts or tools used for vulnerability scanning and identification.
-Experience with client/server thick client penetration testing.
-A good understanding of cryptography fundamentals.
-Produced public-facing research and/or delivered presentations at well-known industry security conferences.