Senior Penetration Tester
Indexed description
Pay Type: SALARIED EXEMPT
Location: Hybrid, Washington, DC
US Citizenship: Required
Summary Of Position Role/Responsibilities
Quzara LLC, a SBA Certified WOSB, EDWOSB, and 8(a) cybersecurity firm, specializes in compliance advisory, cloud security, and managed security operations. Driven by innovation and dedication, our mission is to secure our clients' digital landscapes. Our services include Federal Security & Compliance, Vulnerability Management, Continuous Monitoring, Advanced Security Analytics, and Cloud Security, among others. Join our team and contribute to a culture of excellence and continuous improvement in the cybersecurity domain.
Essential Functions Of The Job
- Plan, create, and execute advanced penetration methods, scripts, and tests for the team, with a focus on Web Applications
- Assess and test the security of internal networks and underlying application infrastructure.
- Conduct penetration testing and vulnerability assessments on Azure cloud infrastructure and applications
- Lead and mentor a team of penetration testers, providing guidance and sharing expertise
- Carry out remote and on-site testing of client networks and infrastructure to expose security weaknesses
- Simulate security breaches to assess a system's relative security
- Create detailed reports and recommendations based on findings, including uncovered security issues and associated risk levels
- Present findings, risk assessments, and conclusions to management and other relevant parties
- Maintain advanced knowledge of networking, cryptography, reverse engineering, web applications, operating systems databases
- Possess expertise in various scripting and programming languages, including Python, SQL, C/C++, JavaScript, PHP, Java, and Ruby
- Provide strong written and oral communication skills to effectively convey assessment results and potential weaknesses
- Assist in penetration testing intake, coordination with client teams for scheduling and delivery of reports/debriefs.
- Other duties as assigned
Education, Training, And Experience
- Bachelor's degree in cyber security, computer science, IT or a related field and at least 10 years of experience in cybersecurity. Additional years of relevant experience may be considered in lieu of a Bachelor's degree.
- 7 years minimum of work experience directly related to Red Team assessments, and penetration testing (intranet, internet, web, wireless, social engineering), with a focus on Web Application testing
- Must have an active OSCP+ certification in addition to one of the following:
- CompTia PenTest+
- CEH
- CompTia CySa+
- GCIH
- GCFA
- CISSP
- Expertise with scripting languages (e.g., Python, PowerShell, Java, Perl, etc)
- A fundamental understanding and experience with business/application logic vulnerabilities.
- Expertise with API focused penetration testing.
- Proficiency with penetration testing tools (Kali Linux, Binwalk, BurpSuite, Wireshark, etc)
- Experience acting as a Subject Matter Expert or team lead, providing guidance to others
- Proven track record of reviewing cybersecurity vulnerabilities for risk and relevance
- Experience in planning mitigations for systems vulnerabilities
- Exceptional communication skills; able to successfully communicate with management personnel, technical personnel, and third parties.
- Certification in focused on Web Application penetration testing.
- i.e. eWPT, BSCP, etc
- Relevant security research.
- Accredited CVEs, research papers or contributions to the cyber security sphere.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search