Penetration Tester

**Client Details**:
**Role Responsibilities**:
Conduct both internal and external penetration tests for web and network environments.

Include penetration testing as part of security assessments for clients.

Perform penetration testing on infrastructure, networks, servers, and software.

Build and execute vulnerability assessments and penetration testing for clients, covering internal, external, and social engineering tests.

Help mature the red teaming capability area through the use of technology and automation to continually validate controls.

Create professional reports detailing assessment findings, with recommendations to mitigate security issues.

Assist in driving and validating remediation efforts for identified security issues.

Manage and improve existing toolsets, including pen testing, secure coding, and source code analysis.

Investigate new approaches, technology, and automation to improve security.

Use feedback and reflection to develop self-awareness and address development areas.

Delegate tasks to others to provide stretch opportunities and coach them to deliver results.

Demonstrate critical thinking and problem-solving skills.

Use various tools and techniques to extract insights from current industry trends and sector trends.

**Preferred Qualifications**:
Information Security Membership - ISC2, EC-Council etc.

CEH, CISSP, Security+, or any other related cert.

**Relevant Skills / Experience**:
**Possess 5-7 years of experience in the following**:
Working in a cybersecurity team (experience with multiple security tools would be beneficial).

As a Penetration Tester or in a similar role.

Develop scripts using various languages to establish new tools and environments.

Have experience with web services, including PHP, Apache, HTML, Httpd, Nginx, and Tomcat.

Possess applicable knowledge of Windows client/server, Unix/Linux systems, Mac OS X, VMware/KVM, and cloud technologies such as AWS, Azure, or Google.

Demonstrate critical thinking and problem-solving skills.

Experience with API integration.

Possess in-depth knowledge of endpoint security products.

Possess knowledge of MITRE ATT&CK.