This position exposes a candidate to the best of both worlds - Penteration Testing as well Developing Prototype tools to assist in the testing phase. This position includes research and prototype development of automated cyber security testing and security data analytics tools used in the assessment of enterprise network segments and web applications. Selected candidate will also participate in cyber security penetration testing engagements in order to establish subject matter expertise. The purpose of developed tools are to automate repetitive steps of cyber security assessments, provide pattern recognition within security artifacts, correlate findings to missing security controls, and visualize data. Prototypes will be developed and documented for transition to RiskSense platform software engineering teams. Typical provided datasets will include automated security scanner results, threat feeds, exploit databases, penetration testing reports, malware data, configuration management databases, and security control definitions from NIST 800-53a (or other applicable standards).
Key job activities:
Data Correlation and Aggregation
Penetration testing activities:
Conduct Cyber Security Assessments and Penetration Tests (hands-on work) in small project teams.
Search for security vulnerabilities in various IT assets (e.g. web applications, servers, workstations, embedded devices).
Follow industry best practice methodologies for penetration testing (e.g., OWASP guidelines), and be able to use tools for a basic level assessment, and manual penetration testing for advanced level assessments.
Document findings for management and technical staff and recommend mitigating actions.
Support clients with feedback and verification during mitigation.
Deploy Tools – e.g. Burp Suite, Metasploit, Nessus, Nexpose, Nmap