Senior Penetration Tester
Coalfire Systems is a growth leader in the IT Security Audit and GRC world, and we are looking to augment our Coalfire Labs team with a Senior Technical Leader - someone who loves the hands-on technical work, but also desires to grow and mentor others.
This position will be responsible for leading the Northwest team, performing security assessments, communicating the methods and results to the client, and providing remediation recommendations to improve the client’s security posture. This position is primarily focused on network and web application penetration tests, application code reviews, social engineering, physical security assessments and security architecture consulting. This role will also be responsible for mentoring junior staff, presenting at security conferences and serving as a subject matter expert regarding application security and penetration testing.
- Lead web-based application and network penetration tests
- Lead application design, architecture and code security reviews
- Lead social engineering engagements
- Lead physical security assessments
- Lead wireless security assessments
- 5+ years of experience in information security with application/network penetration testing experience
- Deep understanding of web frameworks, including XML, SOAP, JSON and Ajax
- Experience with scripting languages such as Bash, Perl, Python, Ruby, VB/WScript or PowerShell
- Experience exploiting web applications and services
- Experience with .NET web application frameworks and languages
- Understanding of C, C#, Objective-C and Java
- Familiarity with web proxy tools such as Paros and/or Burp
- Familiarity with penetration testing tools such as BackTrack, Nexpose, Nessus, Nmap, Metasploit, vulnerability scanners, tcpdump, Wireshark, etc.
- Experience with debuggers and disassemblers
- Excellent written and oral communication skills
- Self-motivated and able to work both independently and with a team.
- Willing to travel up to 50% of the time.
- Familiarity with Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP) and National Institute of Standards and Technology (NIST) Special Publications.
- Experience using Rapid7 Nexpose and Metasploit, and commercial web application testing tools such as Burp Suite Pro
- Experience leading or participating in Red Team engagements
- Working knowledge of firewalls and other network security products.
- Knowledge of applied cryptographic protocols.
- CISSP, OSCP/E, GWAPT, GPEN, GXPN certification a plus.
- Experience in exploit development
- Experience in hardware hacking or embedded systems hacking
- Advanced degree in an IT related field is a plus.
About Coalfire Labs
Coalfire Labs is a division within Coalfire Systems, Inc., a leading IT Governance, Risk, and Compliance (GRC) firm that delivers deep technical services. Coalfire Labs delivers technical security assessment services for nationwide clients in the retail, financial services, government, healthcare, education, legal, and public utility industries.