Senior Penetration Tester

Primary Responsibilities

• Contribute to the backend development of our automated pentesting framework to continuously improve efficiency and introduce new automated exploits.
• Collaborate with the penetration testing team on new tools and strategies for expanding the framework.
• Stay updated with the latest and greatest security vulnerabilities and available exploits to incorporate into the platform.
• Document and streamline development best practices and initiatives.
• Use custom and open-source tools to perform and report on exploitation and post-exploitation attacks that were not covered by our automation efforts.
• Identify bugs and room for improvement relating to the framework and other custom tools for our automation team.
• Contribute to internal documentation of (post-) exploitation attacks.
• Collaborate with our automation team by suggesting and documenting attacker vectors not yet covered by the framework.
• Occasionally write scripts in Ruby, Python, and/or Bash to automate manual testing routines and/or specific attacks (e.g., testing for and exploiting default credentials in common web apps).
• Recommend new procedures, policies, and tools to streamline our pentest QA process and eliminate repetitive, manual tasks.

Qualifications

• Must be comfortable performing post-exploitation in Active Directory and enterprise environments with no assistance.
• Must possess and demonstrate experience with object-oriented programming (OOP).
• Experience with MVC frameworks, especially Ruby on Rails, is a huge plus.
• Must possess knowledge in either Ruby or Python.
• Must be able to use Linux without any assistance.
• Must be familiar with standard penetration testing tools (e.g. Nmap, Metasploit, etc.).
• Ability to adapt and learn new creative ways to solve inefficiencies through automation.
• Understanding of networking protocols and terminology.
• Passion for developing new tools and scripts to solve problems.
• Excellent teamwork and collaboration skills.