170 applicants

Company

Airitos, LLC · 6 days ago

Penetration Tester

United States

Full-time

Remote

Senior Level

6+ years exp

Maximize your interview chances

Computer Software

No H1B

Insider Connection @Airitos, LLC

Discover valuable connections within the company who might provide insights and potential referrals.
Get 3x more responses when you reach out via email instead of LinkedIn.

Responsibilities

Assist in developing a comprehensive security program to support various Software Development Lifecycles (SDLCs) and ensure that such developed software is free of security vulnerabilities.

Conducting and leading comprehensive penetration tests on client networks, systems, and applications.

Identifying security vulnerabilities, misconfigurations, and weaknesses in target environments.

Utilizing automated scanning tools and manual testing techniques to exploit vulnerabilities.

Documenting findings, methodologies, and recommendations in clear and concise reports for clients.

Evaluate SDLCs and advise on applicable application security technologies and integration points.

Implement application security technologies with SDLCs, including integration of technology, workflows, documentation, training, and other functions necessary to enable stakeholder success.

Support developer teams in managing day to day cyber security processes pertaining to development of software.

Provide technical guidance to developers as it relates to cybersecurity.

Ensure the reliable operation of application security technologies that support program objectives.

Work with quality assurance teams to ensure that software is sufficiently analyzed by application security technologies and processes.

Work with software development teams to help prioritize and validate urgency of mitigation of identified product vulnerabilities and security feature enhancement requests.

Perform code analysis of large applications, manually and using SAST and DAST scanning solutions as well as conducting vulnerability analysis.

Provide remediation guidance and recommendations to developers and administrators.

Support development of incident response exercises to support development of approaches to respond to use case driven alerts and incidents.

Perform security configuration reviews of our products to ensure that they are in alignment with company established best practices.

Maintaining ethical standards and confidentiality while conducting penetration testing activities.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

Penetration TestingCybersecurity FundamentalsSASTDASTMetasploitNmapBurp SuiteWiresharkCloud SecurityC#GoLangNETNodeJSJavaC++PHPPythonOSCPCEHGPENISO 27001ITILCoBITAWSGCPMicrosoft AzureThreat ModelingFuzz TestingWeb Service TechnologiesEncryption Technologies

Required

21 years of age.

Proof of authorization to work in the United States.

Must be able to obtain and maintain a Nevada Gaming Control Board Registration and any other certification or license, as required by law or policy.

Any of the following combinations of education, professional experience, or both: At least 6 years of experience in a relevant DevSecOps role and technical degree in computer / information science; or At least 6 years of related field work experience in Penetration Testing and / or Cloud Security, at least 2 years of which in a software development role, and at least 2 years of which in a cyber security role and technical degree in computer / information science; or At least 10 years of relevant field experience in Penetration Testing and / or Cloud Security, at least 2 years of which in a software development role, and at least 2 years of which in a cyber security role.

A strong understanding of cybersecurity fundamentals relating to software development.

Experience developing software utilizing at least two of the following coding languages: C#, GoLang, .NET, NodeJS, Java, C++, PHP, Python, or others.

Proven experience in conducting penetration tests and security assessments across a variety of environments.

Advanced proficiency with penetration testing tools such as Metasploit, Nmap, Burp Suite, and Wireshark.

Relevant certifications such as Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), or GIAC Penetration Tester (GPEN) are required (at least one).

Demonstrated experience working with technical and non-technical staff.

Strong collaboration and communication skills.

Basic knowledge of a broad range of IT Security, Controls and Service Delivery standards and frameworks, for example: International Standards Organization (ISO) 27001, IT Infrastructure Library (ITIL), Control Objectives for IT (CoBIT)

Experience with CSP infrastructure, such as that on Amazon Web Services (AWS), Google Cloud Platform (GCP), or Microsoft Azure Cloud

Experience with at least three of the following technology spaces (more is preferred): SAST, SCA, DAST, IAST, Fuzz Testing, ASPM, Threat Modeling, and similar.

Experience validating software development processes meet cybersecurity requirements.

Experience analyzing code for weaknesses and errors and overseeing plans to improve code.

Safety, consistency in schedule, and regular attendance are essential functions of this job.

Provide off-hours support on an infrequent, but as needed basis. (Potential shifts may run 24/7 due to the need of the business).

On an infrequent, but as needed basis, must be able to work varied shifts, including nights, weekends, and holidays.

Willingness to perform other related duties as assigned.

Preferred

Professional certification in both cybersecurity and software development preferred.

Experience as an application or product security engineer.

Experience in software development of enterprise applications.

Experience in a technical consulting/professional services role, preferably in cyber security, or software development.

Proficiency with multiple front-end, back-end, and scripting programming languages and demonstrated ability to become proficient with new programming languages and technologies.

Strong familiarity with common vulnerabilities and attack vectors.

Knowledge of web service technologies, load balancer services (i.e. Nginx, Cloudflare, F5, etc.) and RESTful APIs.

Knowledge of ubiquitous encryption technologies (PGP, SSH, SSL, etc.) and common authentication protocols (OpenID Connect, OAUTH, SAML, RADIUS, LDAP, KERBEROS, etc.).

Solid understanding of secure network and system design in both cloud (AWS, Azure, etc.) and conventional environments.