International Cotton Agency (Ical) Ltd - Alexandria, VA

posted 4 months ago

Full-time - Entry Level
Remote - Alexandria, VA
501-1,000 employees
Professional, Scientific, and Technical Services

About the position

As a Consultant, Penetration Tester at Sikich, you will be part of a dynamic team that thrives on innovation and collaboration. This role is designed for individuals who are passionate about cybersecurity and are eager to adopt the mindset of a threat actor. You will lead offensive engagements and assist with forensic investigations, all while cultivating trust-based relationships with clients. Your work will not only involve performing penetration tests on applications and network environments but also advising clients on scoping decisions and remediation efforts. You will be expected to author testing plans and penetration test reports using the MITRE ATT&CK Framework, ensuring that your findings are communicated effectively to both technical and non-technical audiences.

In this position, you will engage with various technologies, including web applications, firewalls, VPNs, and database functions. You will utilize commercial and open-source security tools such as Nessus, Nmap, Metasploit, and Burp Suite, among others. Additionally, you will create scripts in languages like Python, PowerShell, and JavaScript to enhance the efficiency and reproducibility of your tests. Your role will also involve interpreting vulnerabilities, identifying weaknesses, and advising clients on remediation options. You will have the opportunity to engage with industry as an expert by blogging and speaking at events, further establishing your presence in the cybersecurity community.

Sikich is committed to fostering a supportive environment that encourages lifelong learning and professional growth. As a member of our team, you will be recognized for your contributions and will have the chance to make a significant impact in the field of cybersecurity. We believe in a culture of collaboration, where every team member's perspective is valued, and we strive to create a rewarding employee experience that drives innovation and growth for our clients and communities.

Responsibilities

  • Perform penetration tests on applications and network environments.
  • Advise clients on scoping decisions, engagement details, and remediation efforts.
  • Author testing plans and penetration test reports using the MITRE ATT&CK Framework.
  • Perform reconnaissance and network surveys to map targets.
  • Engage proficiently with various technologies, including web applications, firewalls, and database functions.
  • Utilize commercial and open-source security tools such as Nessus, Nmap, Metasploit, and Burp Suite.
  • Create scripts in Python, PowerShell, JavaScript, and Bash to enhance testing efficiency.
  • Interpret vulnerabilities, identify weaknesses, exploit them, and escalate access.
  • Identify systemic weaknesses in client processes and advise on remediation options.
  • Initiate and support cross-sell opportunities.
  • Research tradecraft tools, countermeasures, threats, and technologies.
  • Develop and refine tools, templates, and methodologies as needed.
  • Assist in developing service line processes and expectations.
  • Engage with industry as an expert by blogging and speaking at events.
  • Assist Digital Forensics and Incident Response team with malware analysis and breach investigations.

Requirements

  • At least one (1) year of experience as an associate penetration tester.
  • Ability to successfully complete 100-hour scoped tests in 90 hours.
  • Excellent written, verbal and editorial communication skills.
  • Commitment to working with quality assurance and editorial team.
  • Ability to lead communication with C-level, technical, and non-technical audiences.
  • Experience managing networks and systems for both Windows and Unix platforms.
  • Familiarity with coding and scripting (e.g., C#, PowerShell, JavaScript, Python, Bash).
  • Certified in Network Penetration testing (e.g., PNPT, eJPT, Pentest+).
  • Certified in a penetration testing vertical (e.g., cloud, red team, web apps, mobile apps, Wi-Fi, social engineering).
  • Working toward a general security role (e.g., CISSP, CISM, CISA, GCFA).
  • Working toward an advanced penetration testing certification (e.g., OSCP, GPEN, CRTO).
  • Familiarity with compliance programs (e.g., PCI DSS, HIPAA, GLBA, CMMC).
  • Willingness to learn more about incident response or digital forensics.

Nice-to-haves

  • Servant Leader qualities, focusing on engaging employees and fostering development.
  • Solutions-focused mindset, able to see opportunities in business problems.
  • Strong collaboration skills, building relationships across all levels of the organization.
  • Ability to instill trust and act with integrity.

Benefits

  • Flexible Time Off (FTO) Policy activated on the first day of employment.
  • Paid holidays during the year, including time off the last week of the calendar year when possible.
  • Comprehensive wellness program with rewards for participation.
  • Flexible work arrangements.
  • Health, dental, vision, life, and accident/death/disability insurance options.
  • HSA employer contribution.
  • Nine (9) paid holidays annually.
  • Paid Parental Bonding Leave for birth, adoption, and foster children.
  • 401(k) with employer contributions.
  • CPA bonus with paid exam and study days.
  • Tuition reimbursement.
  • Generous employee referral bonus program.
  • Client referral bonus program.
  • Pet insurance.
  • Community volunteer program allowing paid time to volunteer.