Penetration Tester

*This position can be remote in the US*

What we’re looking for…

We are currently seeking a Penetration Tester to join our Security & Compliance team. The ideal candidate will possess a deep understanding of attack surfaces in modern compiled applications and operating systems. The position will manage all phases of vulnerability management including both internally identified issues as well as externally discovered ones.  Candidates must demonstrate the ability to analyze closed source applications using several off-the-shelf or custom developed tools.

What you’ll be doing…

• Discovers and exploits vulnerabilities affecting corporate infrastructure.

• Develops and maintains tools to assist in vulnerability research and exploit development.

• Communicates information security vulnerabilities to the business.

• Interface and coordinate with engineering and support teams to analyze and review mitigation strategies; provide guidance and assist when strategies need to be enhanced.

• Analyze and prioritize scan results report discovered vulnerabilities and assist with mitigation strategies for vulnerabilities that cannot be corrected.

• Perform Independent Verification and Validation activities.

• Create and maintain a strategic reporting mechanism to ensure stakeholders understand Key Risk Indicators.

• Escalates issues to IT security team and engineering through standard escalation processes.

• Provides technical expertise and advice on all areas of security technology including: network security platform security authentication/authorization systems application security security architecture policy enforcement and security frameworks.

• Integrates information security controls into an environment to identify risks and reduce impact.

• Deliver high quality actionable advice.

• Works with technology groups to evaluate select install and configure hardware/software systems to comply with established enterprise security standards and policies.

Qualities you possess…

• 5+ years of Information Security experience.

• 3+ years direct or equivalent experience in areas of penetration testing exploit development vulnerability research and management.

• In-depth knowledge and experience with Linux Operating Systems.

• Experience performing host network and web application penetration tests.

• Scripting experience with the ability to develop custom scripts exploits and tools.

• Experience with common penetration testing tools.

• Experience developing detailed penetration testing reports that can speak to multiple audience types.

• One or more of the following Security certifications: OSCP PenTest+ CISSP SSCP CSSLP Security+.

Desired Requirements...

• Bachelor of Science in Computer Science Computer Engineering or Electrical Engineering or a related technical field or equivalent professional experience.

• Experienced programming using PHP nodejs and Python (or a comparable scripting language).

• Experience with Tenable Blackduck or other vulnerability detection tools.

• Experience with defining or managing a vulnerability management program.

• Experience with identifying and mitigating vulnerabilities in cloud environments (i.e. AWS).

• Source code review for control flow and security flaws.

Benefits & Perks

• A remote-first culture - work from home or come into the office it's totally up to you.

• Comprehensive medical dental and vision plans.

• 401(k) plan with employer match.

• Flexible Paid Time Off (FTO) so that you can take the time that you need to re-energize.

• Volunteer Time Off (VTO) - take two days off per calendar year to volunteer with your preferred charitable organization.

• 5-year Service Milestone Sabbatical.

• Paid parental leave.

• Generous employee referral bonus program.

• Pet insurance.

• HQ Office centrally located in Reston Town Center featuring a well-stocked kitchen with rotating snacks and beverages and catered lunch on Thursdays.

• Regular virtual company-wide events including cooking classes yoga meditation and more.

• The opportunity to learn and develop from some of the best and brightest minds in the industry!

Don’t meet every single requirement? Studies have shown that women and people of color are less likely to apply to jobs unless they meet every single qualification. At ScienceLogic we are dedicated to building a diverse inclusive and authentic workplace so if you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description we encourage you to apply anyway. You may be just the right candidate for this or other roles.

All qualified applicants will receive consideration for employment without regard to race color religion sex sexual orientation gender identity national origin or any other applicable legally protected characteristics in the location in which you are applying.

About ScienceLogic

We empower intelligent and automated IT operations.

The ScienceLogic SL1 platform enables companies to digitally transform themselves by removing the difficulty of managing complex distributed IT services. We use patented discovery techniques to find everything in your IT environment so you get visibility across all technologies and vendors running anywhere in your data centers or clouds

www.sciencelogic.com

All ScienceLogic employees have the responsibility to protect information assets adhere to access controls report suspicious activity and comply with security and privacy policies.

#LI-Remote