One of our direct clients is looking for a Penetration Tester at Rosemont, IL. Please submit resumes to mremya at divihn dot com or call (630) 847 7118 with any questions.
Penetration (PEN) Tester IT Threat and Vulnerability
Description: The Penetration Tester Threat and Vulnerability Management works to protect data and system integrity through the establishment and execution of approved internal penetration testing methods. This position reports to the IT Threat and Vulnerability Manager. Threat and Vulnerability Management for this role is primarily achieved by planning and performing penetration tests and assessments; identifying and addressing potential data loss channels; and working within a red/purple team to discover and stay apprised of potential security challenges. The position will work closely with other Network Security and IT personnel to ensure vulnerability management processes are effective.
Responsible for configuring and maintaining penetration testing and vulnerability assessment tools, performing scans and penetration tests, researching and analyzing vulnerabilities, identifying relevant threats, preparing corrective action recommendations, and summarizing and reporting results.
Proposes and assists in implementing approaches for addressing vulnerabilities, including deployment of specialized controls, code or infrastructure changes, and changes in development processes.
Identifies, validates, and resolves vulnerabilities associated with insufficient security controls.
Produces metrics and reporting on the state of system security, threats, and vulnerabilities.
Analyzes attack vectors and recommends corrective actions to the necessary business units.
Manages tracking and remediation of vulnerabilities by leveraging agreed-upon action plans and timelines with responsible technology developers and support teams.
Recommends appropriate policy, standards, process and procedural updates as part of comprehensive remediation solutions.
Works with application developers and other stakeholders to recommend fixes and develop remediation plans.
Validates remediation by reviewing application/infrastructure updates to verify resolution.
Provides security consulting services, as needed, to various projects.
Builds effective relationships with stakeholders who own and support applications, IT infrastructure, and operations.
Gains commitment from stakeholders and project teams to implement recommended security controls.
Performs duties and responsibilities specific to department functions and activities, as well as those required or assigned by supervisor.
3-5 years of experience performing penetration testing/ethical hacking.
1-2 years of experience performing vulnerability scanning with tools designed to identify vulnerabilities across both networks and applications.
Solid understanding of programming/scripting languages (Python, Bash, Perl, PowerShell, etc.).
Solid understanding of common penetration testing tools and platforms (Kali Linux, Metasploit, etc.).
Solid understanding of web application security concepts pertaining to modern web languages and frameworks.
Solid understanding of network design and architecture.
Solid understanding of security controls (e.g. access control, auditing, authentication, encryption, integrity, physical security, and application security).
Solid understanding of Windows and Linux environments, Active Directory, network monitoring and sniffing, TCP/IP networks, and vulnerability and threat management tools (including network based scanners).
Excellent written and verbal communication.
Excellent problem solving and troubleshooting skills.
3-5 years of experience performing web application vulnerability assessments and pen testing/ethical hacking of networks, systems and applications.
Experience writing technical reports and executive summaries.
Experience using Nessus/Tenable scanning products.
Experience writing SQL queries.
One or more technical web application pen testing certifications (e.g. GWAPT, OSWE).
One or more advanced security certifications (e.g. CEH, OSCP, GPEN, PenTest+, CySA+, CASP+, CISSP).
About us: DivIHN, the 'IT Asset Performance Services' organization, provides Professional Consulting, Custom Projects, and Professional Resource Augmentation services to clients in the Mid-West and beyond. The strategic characteristics of the organization are Standardization, Specialization, and Collaboration.
DivIHN is an equal opportunity employer. DivIHN does not and shall not discriminate against any employee or qualified applicant on the basis of race, color, religion (creed), gender, gender expression, age, national origin (ancestry), disability, marital status, sexual orientation, or military status.