Job Description
o Plan and perform hands-on testing efforts of a client's information systems and infrastructure to expose weaknesses in security controls.
o Lead testing efforts from cradle to grave with other penetration testers, providing expert guidance, direction, and judgment during testing.
o Document and convey test plans, test results, and remediation recommendations in formal reporting formats.
o Participate in technical exchange meetings and brief client senior leadership on actions, findings, and countermeasure recommendations to support mission objectives and reduce risk to their organization.
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.
To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/
Required Skills & Experience
o 5+ years of experience in network vulnerability testing, Web application security testing, network penetration testing, red teaming, purple teaming, or adversarial testing
o Experience with creating Rules of Engagement (ROE), test plans, and scripts to aid in testing efforts
o Experience with using, administering, and troubleshooting major platforms of Linux, including Ubuntu and Red Hat
o Experience with Windows environments and Active Directory concepts of enumeration, exploitation, and post-exploitation
o Experience programming in Perl, Python, Ruby, Bash, C or C++, C#, or Java, including scripting and editing existing code
o Experience with tools, including WebInspect, AppDetective, Metasploit, C2 Framework, Burp Suite Pro, Responder, BloodHound, Nmap, Nessus, Core Impact, and PowerSploit
o Knowledge of applications, databases, and Web server design and implementation
o Secret clearance
o HS diploma or GED
o OSCE, OSCP, or GPEN Certification
Nice to Have Skills & Experience
o Experience with assembly languages, including x86 or reverse engineering
o Experience with Microsoft Visual Studio or other C# code compilers
o Experience with AV evasion, AMSI, or AppLocker bypasses
o Experience with phishing and other social engineering tactics
o Experience with penetration testing on Windows and Linux platforms, network vulnerability testing, Web application security testing, network penetration testing, red teaming, purple teaming, or adversarial testing
o Knowledge of open security testing standards and projects, including OWASP
o Ability to convey test results and provide remediation recommendations in formal technical reports and deliver briefings to senior client staff
o Bachelor's degree in Computer Engineering or CS
o Red Team Certification
Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.