Penetration Tester

$103,800 - $156,000/Yr

University of California - Richmond, CA

posted 8 days ago

Full-time - Mid Level
Richmond, CA
Educational Services

About the position

The University of California, San Francisco is seeking an experienced Penetration Tester specializing in web application testing. This role is crucial for conducting comprehensive assessments of web applications to identify vulnerabilities and enhance security measures, particularly for the California Immunization System. The incumbent will work closely with the Information Security Office and system owners to implement and maintain security protocols against unauthorized access and cyber threats.

Responsibilities

  • Conduct penetration testing on web applications to identify vulnerabilities that could be exploited by adversaries.
  • Perform white-box, gray-box, and black-box testing of enterprise applications and assets, providing actionable reports to technical teams and stakeholders.
  • Collaborate with the Information Security Office (ISO) and system owners to define the rules of engagement (ROE) for penetration testing in production environments.
  • Conduct pretest analysis based on full knowledge of the target system and identify potential vulnerabilities.
  • Test to determine the exploitability of identified vulnerabilities.
  • Document the results of penetration testing, including detected vulnerabilities and remediation strategies.
  • Conduct follow-up penetration testing to confirm successful remediation of previously identified vulnerabilities.

Requirements

  • Bachelor's degree in a related area and/or equivalent experience/training.
  • Minimum of 3 years of experience in penetration testing.
  • Experience using IT security systems and tools.
  • Knowledge of data encryption techniques.
  • Demonstrable skills and experience in network, operating system, and application-level security.
  • Familiarity with NIST SP 800-53 Revision 5 and other relevant security and privacy controls.
  • Excellent communication skills to effectively report findings and recommendations.
  • Basic skill in reading and interpreting security logs.
  • Interpersonal skills sufficient to work effectively with both technical and non-technical personnel.

Nice-to-haves

  • GIAC Web Application Penetration Tester (GWAPT)
  • GIAC Certified Penetration Tester (GPEN)
  • PenTest+
  • Experience with Burp Suite and Metasploit
  • Offensive Security Certified Professional (OSCP)
  • Certified Expert Penetration Tester (CEPT)

Benefits

  • Comprehensive health insurance
  • Retirement savings plan
  • Flexible work hours
  • Professional development opportunities
  • Paid time off and holidays