Principal Security Engineer – Network and Web App Penetration Tester

  • Company:
    Shorebreak Security
  • Location:
  • Salary:
    negotiable / monthly
  • Job type:
    Full-Time
  • Posted:
    20 hours ago
  • Category:
    Real Estate

Job Description

NOTE: DO NOT APPLY FOR THIS JOB UNLESS YOU ARE A PROFESSIONAL PENETRATION TESTER AND YOUR RESUME REFLECTS AT LEAST 5 YEARS EXPERIENCE IN A POSITION WHERE THIS WAS YOUR JOB. This is not a job for ISSOs, A&A folks, IT managers etc.

Shorebreak Security is seeking highly motivated IT Security professionals with demonstrated experience and expertise in Network and Web Application penetration testing, to conduct engagements for our commercial and Federal Government customers.

We test Federal government customer's national mission critical networks and systems. These systems must be available and must NOT be impacted by our testing – people could die! Please read the last sentence again, and understand why we are serious about hiring folks that know what they are doing.

When not on travel, you will work remotely.

Note: Working from our office in Cocoa Beach, FL is also a possibility

On-site assessments are frequently performed in locations throughout the United States so you must be able to travel 2 weeks a month. Some months there will be no travel, others there could be three weeks, but we try our best to be considerate when scheduling our engagements to limit back to back travel weeks.

For an idea of we we expect, please read this -> http://www.shorebreaksecurity.com/resources/core-competencies-of-a-professional-penetration-tester

Benefits Package:

– Health insurance (100% of employees premium paid. 50% of dependents premium paid by company), Dental and Vision

– Life insurance, short-term and long-term disability insurance 100% paid by company

– Up to 4 weeks paid vacation per year. Sick days, and 7 Federal holidays

– 401k with up to 7% employer contribution

Job Description:

Conduct security assessments of customer networks; validate and exploit security vulnerabilities, leverage those vulnerabilities and determine the overall impact to the organization of those vulnerabilities.

Clearly communicate vulnerability details and risk to customers, both verbally and in writing.

Be able to independently apply testing methods against a wide variety of targets including: Web Applications, databases, wireless networks, conducting social engineering attacks against customer user base, SCADA/ICS, routing infrastructure, VPN, Cloud, and more.

Must have:

– 8+ years experience in Information Security field

– 5 years experience conducting penetration testing

– experience leading and managing pen testing engagements

– excellent social skills

– strong written and verbal communications skills

– the ability to pass a background check

– the ability to pass a verbal technical interview

– the ability to pass a practical (hands-on) test

– expertise in at least one Operating System

– passion for technology and Information Security

– the ability to conduct a pen test without the use of a vulnerability scanner and exploit framework

Required Skills:

– Deep knowledge of IP networking, Operating Systems, Information Security, security testing tools

– Highly motivated individual with the ability to work independently and to think outside the box — "hacker" mentality.

– Expertise with common security tools; nmap, Nessus, Metasploit, Burp, Zap, CAIN, Linux Kali, etc.

– Degrees and certifications are a bonus but not required provided you can demonstrate a high degree of technical skills

– Punctuality

– Humility – there is no room for the "rock star" hacker here. We share info and work as a team.

Please do NOT apply unless you have the "must haves".

Company Description

We're a boutique Information Security firm that specializes in conducting security testing – high quality penetration tests, vulnerability scans, and social engineering testing is ALL we do. We developed an innovative continuous penetration testing service and platform (Lifeguard) that provides a continuous view of IT risk to our customers, and provides our pen testers with an extremely useful tool for when conducting pen tests.

We are a small but fast growing team – this position has a lot of upward mobility.

Check out www.shorebreaksecurity.com for more info.