Penetration Tester

Introduction
Information and Data are some of the most important organizational assets in today’s businesses. As a Security Consultant you will be a key advisor for IBM’s clients analyzing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the client’s organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world.

Your Role and Responsibilities
The CISO Cybersecurity Operations team is looking to add a penetration tester to the team. This role is highly technical and candidates must possess a solid understanding of information security preferably with a strong computer science background. Pen-testers/red teamers must understand applications networking and various operating systems along with tools and frameworks and they must maintain a high level of rigor to stay up-to-date with advancements in technology while also retaining knowledge of older systems and applications that may still be in use in the enterprise.
Penetration-testers/red teamers must constantly search for system and application weaknesses to exploit but they are also expected to maintain a level of professionalism at all times. The position must collaborate with others on the team for remediation and additional validation as well as contribute to other collaborative approaches driven by the security team strategy such as purple teaming to enhance skillsets for both red and blue team members.
While some automated tools will be leveraged the penetration-tester/red teamer must realize this is not solely a point-and-click role but requires hands-on expertise with a variety tools to simulate attacker tactics techniques and procedures (TTPs). When performing red team exercises the penetration-tester/red teamer must strive to avoid detection. In addition to stealthy engagements however penetration-testers/red teamers must also participate in visible and announced assessments for new and existing services infrastructure and applications to help the team identify weaknesses before an attacker does

Required Technical and Professional Expertise

• Minimum required certification: OSCP or equivalent e.g. Offensive Security Web Expert (OSWE) and Offensive Security Web Assessor (OSWA))
• Minimum of 3 preferably 5 years of “hands on” Penetration Testing Experience with operating systems web applications and network infrastructure.
• Minimum of 3 preferably 5 years experience with using Penetration Testing Tools. e.g. NMap Nessus Metasploit BurpSuite Nito Tcpdump.
• Administrator level knowledge of Server Operating Systems specifically Unix and Windows to test infrastructure. Well versed in Kali Linux.
• Ability to test web technologies e.g. web applications containers container managers.
• Sufficient technical knowledge of TCP/IP Networking/Routing Intranet / Internet Architectures and Segregation Technologies/VLANs Firewalls Intrusion Detection Intrusion Prevention SQL Databases
• Programming ability to create read and modify exploit code to achieve system penetration. C C++ Java C# scripting knowledge is an asset.
• Ability to clearly present the penetration testing results including recommendations to fix.

Preferred Technical and Professional Expertise

• Preferably a bachelor’s degree or College Diploma in computer science or related field