Job Description
About the position The Systems Engineer III, Cybersecurity Penetration Tester, is responsible for planning, executing, and leading complex security assessments across a variety of environments. Responsibilities β’ Plan, execute, and lead complex penetration tests, including internal, external, web application, network, mobile, IoT, API, social engineering, and cloud (e.g., AWS, Azure) assessments. β’ Perform red team engagements to simulate attacks and advanced persistent threats, highlighting gaps in security controls; some travel and on-site engagements required. β’ Identify, exploit, and document vulnerabilities using manual and automated techniques, adhering to methodologies and frameworks like OWASP Top 10, PTES, and MITRE ATT&CK. β’ Analyze testing results, assess risks, and produce detailed reports with findings, exploitation procedures, risk ratings, and actionable remediation recommendations. β’ Collaborate with client development, IT, and security teams to validate fixes, retest vulnerabilities, and improve overall security practices. β’ Mentor junior penetration testers, provide training on tools and techniques, demonstrate continuous learning, and contribute to team knowledge sharing. β’ Develop or customize scripts, tools, and methodologies to enhance testing efficiency and coverage. β’ Stay current with emerging threats, vulnerabilities, exploits, and offensive security trends. β’ Communicate technical findings clearly to non-technical stakeholders, including senior management. Requirements β’ Bachelor's degree in computer science, Information Security, Cybersecurity, or related field (or equivalent experience). β’ Five (5) or more years of hands-on experience in penetration testing or ethical hacking, preferably in enterprise or regulated environments. β’ Advanced security-related industry certifications (e.g., OSCP, GPEN) required. β’ Advanced proficiency with tools such as Burp Suite, Nmap, Metasploit, Nessus, Kali Linux, Wireshark, Social Engineering Toolkit, and cloud-specific testing frameworks. β’ Thorough understanding of Adversary TTPs and ability to emulate them in assessments. β’ Strong knowledge of network protocols, operating systems (Windows, Linux), web technologies, and common vulnerabilities (e.g., OWASP Top 10, SANS Top 25). β’ Experience in red teaming, vulnerability assessment, and reporting. β’ Excellent problem-solving, analytical, and communication skills (written and verbal). β’ Ability to work independently and lead engagements while collaborating in a team environment. β’ Proficient in exploit development and scripting languages such as Python, Ruby, Go, etc. Nice-to-haves β’ Offensive Security Certified Professional (OSCP), GIAC Penetration Tester (GPEN), GIAC Web Application Penetration Tester (GWAPT), or other relevant certifications (OSCE, GXPN, CEH, or equivalent). Benefits β’ Flexible paid time off β’ 5% 401K matching program β’ Equity opportunities β’ Incentive and bonus programs β’ Up to 16 weeks of paid parental leave β’ Flexible spending accounts β’ Full-health benefits with base employee coverage fully funded, comprising: β’ Medical, dental, and vision coverage β’ Life insurance β’ Short and long-term disability coverage β’ Income protection benefits Apply tot his job