Senior Security Consultant (Kubernetes Penetration Tester)
Indexed description
NetSPI is on an exciting growth journey as we disrupt and improve the proactive security market. We are looking for individuals with a collaborative, innovative, and customer-first mindset to join our team. Learn more about our award-winning workplace culture and get to know our A-Team at www.netspi.com/careers.
We are seeking an experienced professional with demonstrated technical depth and breadth in Kubernetes Penetration Testing as well as the soft skills to effectively communicate with executive and technical teams. In this role, you'll have the ability to work alongside a world-class team using top-tier custom tools. Applicants are expected to leverage strong problem-solving skills, as well as lead, collaborate, and innovate to deliver high-quality exercises and exceptional experiences for our customers.
Responsibilities
- Execute Kubernetes penetration tests against cloud-hosted and self-managed environments.
- Create attack narratives and findings-based penetration test reports for clients.
- Research and develop innovative techniques, tools, and methodologies for penetration testing services, alongside commitment to improvement and execution on NetSPI specific products and processes.
- Collaborate with clients to create remediation strategies that will help improve their security posture.
- Act as a resource for internal team members as it relates to in-depth technical questions or best practices in Kubernetes.
- Assist in QA review of Kubernetes engagements.
- Contribute to the information security community through the development of tools, presentations, white papers, and blogs.
- Bachelor's degree or higher with a concentration in computer science, engineering, math, IT, or equivalent experience.
- 5 years combined experience performing offensive/attack-oriented penetration tests against Kubernetes and at least one of the following: cloud environments, web applications or thick client applications.
- Deep hands-on experience with Kubernetes clusters.
- Recognized Penetration Testing specific qualifications such as GXPN, OSEP, OSCP, OSWE or similar certifications.
- Kubernetes related certification such as CKA, CKS or similar.
- Strong communication, presentation, and writing skills.
- Experience performing security focused configuration reviews.
- Demonstrable knowledge in the following areas:
- Exploiting workload misconfigurations in Kubernetes clusters such as RBAC-based privilege escalation, exploiting sensitive kernel capabilities, bypassing admission controls and executing well-known container breakout techniques.
- Understanding of security best practices for containers and the feasibility of applying those practices.
- Network pivoting from a Kubernetes cluster into cloud or other cluster-adjacent/exposed services.
- Utilizing OWASP Top 10 vulnerabilities to explore attack surface of Kubernetes workloads.
- Experience with offensive toolkits for both cloud and network penetration testing.
- Programming/scripting experience in one or more of the following languages: Python, Go, Bash.
- Experience researching new Kubernetes features and related cloud service offerings with the goal of identifying misconfigurations and vulnerabilities.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search