Penetration Tester

Location: Minneapolis, MN
Date Posted: 03-16-2017
The Penetration Tester will be responsible for conducting full-scope vulnerability assessment and penetration testing. The Penetration Tester must be able to plan, communicate, coordinate and conduct penetration tests and security assessments for applications, systems and enterprise networks.

 
Duties and Responsibilities
  • Develop all Rules of Engagement, scoping documents and reports
  • Perform manual penetration tests and validation of vulnerability scan results.
  • Develops automation/scripts for replicating vulnerability validation and penetration tests.
  • Develop SOPs and architect all penetration testing and security assessment methodologies.
  • Devises plans and scenarios for various types of penetration tests.
  • Documents exploits and results in remediation and final report.
  • Perform information technology security research to remain current on emerging technology trends and develop exploits for disclosed and undisclosed vulnerabilities
  • Contributes to developing and implementing tools for penetration testing and early warning of weaknesses or possible incidents building on methodologies as promulgated by NIST, ISO, etc. to ensure useful, measurable, and repeatable methods applied to quantifying risk.
  • Selects, installs, and configures security testing platforms and tools or develop tools and procedures for vulnerability assessments and penetration tests.
  • Contributes to application of FISMA compliance mechanisms, including NIST SP 800 series, with the addition of sound methodologies in lieu of weakly-defined and subjective scores.
  • Performs vulnerability assessments using automated tools (Metasploit, Nmap, Nessus, Burp Suite, etc.)
  • Support flexible work locations per work schedule (at RTN, and multiple customer sites).
  • Performs off-hours work as necessary.


Skills/Qualifications:
  • Experience in penetration testing large and complex enterprise networks
  • Experience with web and mobile applications, databases, operating systems
  • Experience with regulatory compliance, policy development, and policy enforcement
  • Experience with the following technologies: Kali Linux, Metasploit, Nmap, Burp Suite, Powersploit, Tenable SecurityCenter, HP Fortify, IBM AppScan, or WebInspect
  • Experience with FISMA, FedRAMP, NIST SP 800 series, and DISA STIGS
  • 2+ years of penetration test experience


Minimum Education and Certifications
  • Associate's degree required; Bachelor's preferred
  • At least one of the following certifications (more than one is preferred): Lunarline, Inc. School of Cyber Security “Certified Expert” certifications and/or Security+.

Place of Performance:
  • Minneapolis, MN

_____________________________________________________________________________________

Disclaimer
  
Lunarline is an equal opportunity employer. It is the policy of Lunarline that all employees and applicants for employment will be treated in all respects on the basis of their merit and qualifications and without regard to their race, color, national origin, age, disability, sexual orientation, religion, gender, military status, marital status or ancestry.
Lunarline participates in the E-Verify program. Therefore, any employment with Lunarline will also be contingent upon confirmation from the Social Security Administration ("SSA") and/or the Department of Homeland Security ("DHS") of your authorization to work in the United States. 
The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified. All personnel may be required to perform duties outside of their normal responsibilities from time to time, as needed.
or
this job portal is powered by CATS