Comcast Cybersecurity: Penetration Tester 3

Comcast - Philadelphia, PA

posted 21 days ago

Full-time - Mid Level
Philadelphia, PA
Broadcasting and Content Providers

About the position

The Penetration Tester (Engineering Level 3) at Comcast is responsible for conducting various security assessments, including web application, network, mobile, and cloud penetration testing. This role involves participating in red team exercises and contributing to the enhancement of the company's security infrastructure. As a mid-level team member, the position offers opportunities for project ownership, mentoring junior staff, and collaborating with cross-functional teams to identify and remediate vulnerabilities.

Responsibilities

  • Perform vulnerability scanning and penetration testing across diverse systems, applications, and environments.
  • Analyze and prioritize findings based on the Common Vulnerabilities and Exposures (CVE) database and the Common Vulnerability Scoring System (CVSS).
  • Execute application penetration tests for APIs, mobile SDKs, cloud environments, and web applications from both open and closed-box perspectives.
  • Contribute to and maintain the team's tools, labs, and attack infrastructure; actively share knowledge through internal wikis and repositories.
  • Effectively communicate findings and recommendations to both technical and non-technical stakeholders, preparing comprehensive reports and presentations.
  • Stay informed on the latest cybersecurity trends, techniques, and vulnerabilities by following industry publications and threat feeds.

Requirements

  • 3-5 years of experience in penetration testing with hands-on experience using tools like Burp Suite, Metasploit, Nessus, Nmap, and other security testing tools.
  • Solid understanding of the OWASP Top 10, CVSS, and CVE databases.
  • Practical experience with web application, network, mobile, and cloud penetration testing.
  • Strong network and application penetration testing skills, with experience in Linux and Windows environments.
  • Strong analytical, problem-solving, and communication skills, with attention to detail and a proactive mindset.

Nice-to-haves

  • Proficiency in at least one cloud platform (AWS, GCP, or Azure); experience with mobile app security testing is preferred.
  • Scripting experience with Python, Bash, Ruby, C/C++, C#, or Java to automate testing processes and streamline remediation.
  • Demonstrated ability to work independently on complex assessments while collaborating with cross-functional teams.
  • Certifications such as: OSCP, OSWA, OSWE or similar.
  • Hands-on experience with Kubernetes and a solid understanding of hardware communication protocols (e.g., I2C, SPI, UART) are a plus.
  • Research publications, CVEs, CTF participation and conference presentations are an added bonus.

Benefits

  • Medical & Dental
  • 401(k) Savings Plan
  • Generous paid time off
  • Adoption assistance
  • Childcare resources
  • Pet insurance
  • Discounted digital TV and internet services
  • Discounted tickets for Universal Resorts
  • Free tickets to Universal theme parks

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service