Penetration Tester

*This position can be remote in the US (Eastern/Central Time Zone)*

What we’re looking for…

We are currently seeking a Penetration Tester to join our Security & Compliance team. The ideal candidate will possess a deep understanding of attack surfaces in modern compiled applications and operating systems. The position will manage all phases of vulnerability management including both internally identified issues as well as externally discovered ones.  Candidates must demonstrate the ability to analyze closed source applications using several off-the-shelf or custom developed tools.

What you'll be doing...

• Discovers and exploits vulnerabilities affecting corporate infrastructure
• Develops and maintains tools to assist in vulnerability research and exploit development
• Communicates information security vulnerabilities to the business
• Interface and coordinate with engineering and support teams to analyze and review mitigation strategies; provide guidance and assist when strategies need to be enhanced
• Analyze and prioritize scan results report, discovered vulnerabilities and assist with mitigation strategies for vulnerabilities that cannot be corrected
• Perform Independent Verification and Validation activities
• Create and maintain a strategic reporting mechanism to ensure stakeholders understand Key Risk Indicators
• Escalates issues to IT, security team, and engineering through standard escalation processes
• Provides technical expertise and advice on all areas of security technology, including: network security, platform security, authentication/authorization systems, application security, security architecture, policy enforcement, and security frameworks
• Integrates information security controls into an environment to identify risks and reduce impact
• Deliver high quality actionable advice.
• Works with technology groups to evaluate, select, install, and configure hardware/software systems to comply with established enterprise security standards and policies

Qualities you possess...

• 3+ years of Information Security experience
• 3+ years direct or equivalent experience in areas of penetration testing, exploit development, vulnerability research and management
• In-depth knowledge and experience with Linux Operating Systems
• Experience performing host, network, and web application penetration tests
• Scripting experience with the ability to develop custom scripts, exploits, and tools
• Experience with common penetration testing tools
• Experience developing detailed penetration testing reports that can speak to multiple audience types
• One or more of the following Security certifications: OSCP, PenTest+, CISSP, SSCP, CSSLP, Security+

Bonus points...

• Bachelor of Science in Computer Science, Computer Engineering, or Electrical Engineering or a related technical field or equivalent professional experience
• Experienced programming using PHP, nodejs, and Python (or a comparable scripting language)
• Experience with Tenable, Blackduck or other vulnerability detection tools
• Experience with defining or managing a vulnerability management program
• Experience with identifying and mitigating vulnerabilities in cloud environments (i.e. AWS)
• Source code review for control flow and security flaws

About ScienceLogic

ScienceLogic is a leader in IT Operations Management, providing modern IT operations with actionable insights to resolve and predict problems faster in a digital, ephemeral world. Its solution sees everything across cloud and distributed architectures, contextualizes data through relationship mapping, and acts on this insight through integration and automation.

www.sciencelogic.com