Mindlance
Title: Jr. Penetration Tester
Remote, Raleigh - Telecommuter
Duration: 5 to 6 months
Business Initiative/Purpose:
Vulnerability and Patch Management
Initial/Primary Project Name(s):
VMDP Pentest Support
Bachelor Degree: (Required, Preferred or Not Required) Required
Role Responsibilities: (what they will be doing)
- Schedule and conduct demo sessions with application teams to understand the functionality and architecture of target applications.
- Perform comprehensive penetration tests on a set list of web applications, adhering to industry-standard best practices for each test.
- Utilize a variety of tools including Burp Suite, Metasploit, Kali Linux, Nessus, and other relevant hacking tools.
- Conduct testing across diverse environments, including on-premises, APIs, AWS, and Azure infrastructures.
- Document and report vulnerabilities, including detailed explanations, reproduction steps, and potential impacts.
- Provide clear and actionable recommendations for remediation to development teams.
- Conduct retests to verify the successful resolution of identified vulnerabilities.
- Stay updated with the latest web application security threats and testing methodologies.
- Speak at established routines (up to 150 people), providing updates and insights on ongoing penetration testing activities.
- Run office hours to address queries and concerns from various stakeholders.
- Coordinate test issues, working closely with technical teams to resolve any problems that arise during testing.
- Assist with metrics compilation and reporting to track the team's performance and progress.
- Meet with application teams to discuss vulnerabilities, facilitating clear communication between security and development teams.
- Create and maintain all documentation (e.g. standards, policies, procedures) necessary for compliance and application of application security controls and tool selection.
- Provide critical support for cybersecurity technology infrastructure issues to internal clients, exercising judgement on when to escalate to senior resources.
- Occasional on-call time, with nights or weekends.
Must Have Skills/Prior Experiences: (Vendor should not submit any candidate that does not have these skills/prior experience.)
- Bachelor's degree and five years of experience in systems engineering or administration or an equivalent combination of education and work experience.
- In-depth knowledge in applied enterprise information security technologies including but not limited to firewalls, intrusion detection/prevention systems, network operating systems, identity management, database activity monitoring, encryption, content filtering, and Mainframe security.
- Previous experience in planning and managing IT projects.
Plus/Nice to Have Skills/Prior Experiences: (Hiring Manager DOES NOT require these skills/prior experience. However, candidates with any of these will be looked at first.)
- Bachelor's degree and six years of experience or an equivalent combination of education and work experience.
- Banking or financial services experience.
- Certifications such as CompTIA PenTest+, OSCP, OSQW, or other relevant offensive security certifications.
- Experience with scripting languages such as Python and Bash.
- Knowledge of regulatory compliance standards (NYDFS, NIST CSF, PCI-DSS, SOX, SOC1, UCF).
- Published CVE/CWE contributions, hackathon participation, CTF events, and independent security projects.
EEO
"Mindlance is an Equal Opportunity Employer and does not discriminate in employment on the basis of - Minority/Gender/Disability/Religion/LGBTQI/Age/Veterans."