Job Description
Our primary mission at Sedara is to bring valuable security services and products to customers in order to better protect their environment, data, employees and brand. We are here to help provide a better understanding of security best practices, identify risks and mitigating activities, offer general guidance, and provide hands-on security from our 24x7x365 Security Operations Center.
Sedara’s internal Red Team conducts security exercises that emulate real-world threats. We do this to help assess and improve the effectiveness of the people, processes, and technologies used to keep our organization and clients secure. The Penetration Tester will have an adversarial mindset and will be technically experienced, with several years’ experience conducting adversary-emulation exercises.
Required Qualifications:
- 3+ years of Offensive Security Experience or Similar
- Advanced Degree, Certifications or Equivalent Experience
- Strong analytical and problem-solving skills
- Detail oriented and strong organizational skills
- Excellent written and verbal communication
- Ability to prioritize and handle multiple tasks in an efficient, professional manner while meeting deadlines
- Ability to effectively communicate and build rapport with account executives, sales leadership, marketing and finance
- Positive attitude and comfortable working in a fast-paced environment
Responsibilities:
Utilizing various frameworks and methodologies including, but not limited to:
- National Institute of Standards and Technology (NIST) guidelines
- Penetration Testing Execution Standard (PTES)
- NIST 800-115
- The Open Web Application Security Project (OWASP)
- Payment Card Industry Data Security Standards (PCI-DSS)
- MITRE ATT&CK
- Understands Pentesting concepts such as covert operations against complex networks while remaining undetected, advanced application manipulation, and programming concepts.
- Handle internal and external interactions and communications with stakeholders in a professional manner, referring problems to and communicating with the appropriate department manager or director.
- Performs operating system testing, database testing, network fabric asset testing, and wireless communication testing.
- Conduct web application security testing activities for web applications and web services
- Deliver comprehensive and accurate reports and presentations for technical audiences
- Builds scoping, planning, and execution of attack narratives
- Perform security tests, with a focus on simulating adversaries, and testing Detection and Response processes
- Maintains custom scripts, payloads, tools, and methodologies to aid in success
- including security assessments, penetration testing and social engineering
- Perform penetration tests against external networks, internal networks, web applications, mobile applications, social engineering, phishing, physical security, wireless networks, and more to identify exploits and vulnerabilities
- Create and deliver findings, attack narrative and reports to customer technical and non-technical contacts
- Consult clients on best practices for remediation to achieve desired compliance attestations
- Deliver recommendations to achieve and maintain compliance
- Maintain relevant industry certifications and demonstrate a willingness to work toward additional credentials
- Maintain security tools and create security blog posts to share information with the security community