Senior Penetration Tester Role in Cork
Senior Penetration Tester
The qualified candidate will possess a working knowledge of critical build-in security practices and a strong working knowledge of vulnerability management and penetration testing. This includes: researching, identifying, reporting, validating, reproducing vulnerabilities and providing consultation upon request. To be effective in this role, the candidate must have excellent written and oral communications skills and be highly effective at influencing individuals outside their reporting structure. The candidate must also be proficient in the use of Microsoft Suite of tools (i.e. Excel, PowerPoint and Word), and understand Scaled Agile delivery frameworks. This individual will be charged with significantly reducing vulnerabilities, validating findings, conducting end-to-end penetration tests, improvement of ongoing cyber-hygiene, and assisting in the continuous improvement of our enterprise-wide threat and vulnerability management program.
- Manage engagement scoping and requirements for penetration testing services
- Conduct network and application penetration testing at an advanced level
- Develop comprehensive actionable deliverables resulting from engagements
- Collaborates with Windows, Unix, Linux and IT Infrastructure teams to drive remediation of reported vulnerabilities through risk/threat-based assessment of security controls and tools.
- Articulate risk and business impact to stakeholders
- Ability to convey the urgency and need to remediate vulnerabilities commensurate with the risk it presents to the company.
- Develops and maintains vulnerability and response artifacts systematically to produce metrics that can measure the overall program maturity and progress.
- Creates visibility and awareness at appropriate level including executive leadership teams, CISO and other on vulnerabilities that require attention
- Demonstrates ability to strike a balance between strategic and tactical activities required to run the vulnerability response and remediation efforts
- Cultivates the practice of staying abreast on latest trends and developments in vulnerability response and remediation activities followed across industry.
- Actively reviews public and private vulnerability notifications/disclosures, consumes research findings and prioritizes remediation efforts.
- Research exploit techniques and mitigation strategize
- Build relationships and become a trusted advisor with BU and technology owners to influence change and drive ownership and accountability.
6+ years' experience in Vulnerability Management
4+ years of direct penetration testing experience with multiple toolsets
- Good working knowledge of industry and commonly adopted secure standards, practices (e.g. applicable NIST standards, CIS, ISO, OWASP, SANS, BISMM, and CERT)
- Administration experience with any of the following: Nessus, Rapid7, Qualys, Core Impact, Metasploit and other scanning and analysis solutions.
- Experience with automated and manual penetration testing
- Provide data management and analysis for activities and continuous project initiatives
- Use various data sources to identify and solve for programmatic needs and gaps in IT system coverage.
- Participate in strategic planning with regards to program development of IT Systems Assurance
- Assist with program assessments ensuring programmatic goals are well documented
- Perform data validation and quality control checks to ensure adherence to ETS/ISRM protocols
- High proficiency with MS Office productivity applications and Visio
- Good oral/written communications to effectively communicate with stakeholders - peers, customers and managers
4-year degree in computer science or related field or equivalent experience
Any of the following preferred but not required:
GCWN, GWAPT, GPEN, GCUX, CEHv10, GXPN, OSCP, CISSP
Morgan McKinley is acting as an Employment Agency in relation to this vacancy.
Please note that any references to salary or pay rates in this advertisement and in the salary refinement section are indicative only and should only be used as a guide.