IBM Security - Penetration Tester

  • Country: US
  • State: IL
  • Category: Technical Specialist
  • Required Education: Bachelor's Degree
  • Position Type: Professional
  • Employment Type: Full-Time
  • Contract Type: Regular
  • Req ID: 142625BR
Job Description
The role calls for a person with deep technical expertise in the processes, procedures, tools and methodology for assessing IT security risk. It requires an individual who can independently visualize the network topology from the information provided, prepare tests, conduct hacker simulations and demonstrate the likelihood of data compromise via 'proof of concept exploitation' of a given vulnerability. Following the tests, the individual must be able to clearly describe the problem and the concerns and provide recommendations for a fix.

As a Proactive Security & Prevention Pentest Team member, you will perform various types of infrastructure and application-level security assessments, including vulnerability scanning, ethical hacking and penetration testing. Upon completion of testing activities, you will write an assessment report that contains the findings, the assigned risk level, the proposed mitigation and all technical details necessary to reproduce the test results. Occasionally you will need to present the assessment findings to senior management, and you will need to work with the system owners to mitigate vulnerabilities. As a team member you will occasionally need to participate in the development of team processes and tools. To keep your own and your team's skills up to date, you will be required to continuously learn and share information with your teammates.

Required Technical and Professional Expertise

  • Possess relevant certifications, i.e. OSCE, OSCP, GPEN, GWAPT, eCPPT, eWPT, etc., or be able to demonstrate the equivalent skillset through previous employers, a professionally edited blog, active participation in the cybersecurity community, CTF participation and write-ups, or any combination of meaningful contributions
  • Be familiar with the OWASP Top 10 vulnerabilities and be comfortable using them to compromise web applications in the way a malicious hacker would
  • Be familiar with common network services and their uses and be comfortable exploiting them
  • Know the differences between common operating systems such as Windows, Linux, BSD and Unix, and be comfortable with compromising data on such systems, pivoting, and other hacker techniques
  • Be familiar with the following penetration testing tools: Burp Suite, AppScan, Postman, OWASP ZAP, Fiddler, Paros Proxy, sqlmap, DirBuster, sqlninja, w3af, BeEF, John the Ripper, oclHashcat, Metasploit, Nmap, Armitage, masscan, hping, Cain & Abel

Preferred Tech and Prof Experience

  • 3 to 4 years of hands-on experience without a college degree
  • 2 to 3 years of hands-on experience with a bachelor's degree
  • 1 to 2 years of hands-on experience with a master's degree
  • Specifically seeking a hybrid candidate who is comfortable in both infrastructure testing and web application testing; competence with other modes of pentesting is a plus
  • Possess relevant certifications, i.e. OSCE, OSCP, GPEN, GWAPT, eCPPT, eWPT, etc.
  • Familiarity with scripting in UNIX shell, Perl, or Python is a plus
  • Familiarity with XML, SOAP, and Ajax

Preferred Education: Master's Degree
Commissionable: No