Connecting linkedin

W1siziisimnvbxbpbgvkx3rozw1lx2fzc2v0cy9oyw1sew4td2lsbglhbxmvanbnl2jhbm5lci1kzwzhdwx0lwpvyi5qcgcixv0

Job

Senior Network & Cloud Penetration Tester

  • Location

    United States

  • Sector:

    Technology

  • Job type:

    Permanent

  • Salary:

    $130,000-$140,000 USD

  • Contact:

    Jovan Ortiz

  • Contact email:

    j.ortiz@hamlynwilliams.com

  • Salary high:

    0

  • Salary low:

    0

  • Published:

    10 days ago

  • Expiry date:

    2023-06-10

SENIOR NETWORK & CLOUD PENETRATION TESTER (Full-Remote)

You must be a U.S. Citizen or Permanent Resident in order to qualify.

 

Role

  • Perform cloud and network vulnerability assessment networks and hosts
  • Execute network penetration tests and red team engagements with offices and employees to assess the effectiveness of security controls
  • Complete documentation of all activities/tasks within the team's defined procedures
  • Identify upgrades that are required for existing tools

 

Skill-set Requirements:

 

  • Proficient in scripting languages such as Python, PowerShell, and Bash.
  • Competent with testing frameworks and tools such as Burp Suite, Metasploit, Cobalt Strike, Kali Linux, Nessus, PowerShell Empire, and AutoSploit.
  • Experience conducting penetration-testing/red team engagements as a consultant or within a previous role in a professional organization.
  • Strong AWS architecture, and CLI/API fundamentals, particularly for most common AWS services.
  • Strong fundamentals with AWS security services, including CloudTrail, CloudWatch, GuardDuty, KMS, SSO, Secrets Manager, Cognito, VPCs / VPC Flow Logs
  • Understanding AWS attack vectors and possible misconfigurations, such as IAM privilege escalation methods, EC2 Systems Manager, Cloud
  • Strong operating system knowledge across *nix, Windows, and Mac; proficient with networking protocols.
  • Ability to obtain and maintain persistence within corporate systems, while avoiding detection.
  • Familiarity with defensive and monitoring technologies such as intrusion prevention/detection systems (IPS/IDS), security information and event management systems (SIEMs), firewalls, endpoint protection (EPP), and endpoint detection/response (EDR) tools, as well as user and entity behavior analytics (UEBA).
  • Understanding of OWASP, the MITRE ATT&CK framework, and the software development lifecycle (SDLC).
  • Strong communication skills, written & verbal
  • A strong curiosity for all things security.