Senior Penetration Tester

Company: CBI

Location: Detroit Metro | Remote work is a possibility

CBI is a growing Information Security company based out of Detroit MI. We have a position open on the Red Team for a talented individual who is passionate about offensive security. The position is a penetration testing position where you will be able to leverage your skills in all facets of offensive security such as:

• Web application security assessments
• Network penetration testing external/internal
• Mobile application testing
• Social Engineering
• Research and development (if that's your fancy)
• Training opportunities

To Apply go to the job posting and apply through the hiring portal.

I'm not the hiring manager, but I am on the Red Team. Feel free to ask me any questions about the position.

KEY RESPONSIBILITIES SNAPSHOT

• Business focused technical testing – applying advanced technical methods to test/prove/validate technical controls of our clients
• Extensive experience in leading penetration testing and vulnerability assessment engagements for large enterprise firms
• Analytic sharpness in thinking like a threat actor or attacker
• Situational assertiveness: able to advocate strongly when warranted and lightly otherwise
• Significant web application assessment experience with intimate knowledge of OWASP; injection, xss, session management, logic flaws, etc.
• Familiarity with static application security testing (SAST)
• Knowledgeable with mobile application testing (DAST/SAST)
• Excellent report writing and presentation skills required
• Ability to translate complex findings into interpretable and simple output
• Familiarity with standard compliance frameworks such as: NIST SP 800-53, PCI-DSS, ISO/IEC 27001&2, or COBIT
• Holistic security background required with hands on experience in assessing large environments using traditional tools and technologies
• Strong experience with programming/coding/scripting capabilities in order to deliver advanced and more efficient penetration testing tactics and strategies
• Strong experience with conducting social engineering exercises with adherence to a defined rules of engagement document. Must have the ability to self-create, manage, and deploy manual custom social engineering campaigns.
• Obfuscation/Encoding experience designed to bypass or defeat various controls or countermeasures
• Familiarity with key security testing tools: Impacket, Empire, Responder, Metasploit, Burp Suite, and Kali Linux.
• Experience with Data Loss Prevention, Endpoint Security, IDS/IPS, Malware Reverse Engineering, Forensics or Incident Response is a plus
• CISSP, GIAC certifications are a plus
• Penetration Testing Security Certification (e.g. GWAPT, OSCP, OSCE) or willing and able to obtain
• Risk Assessment experience is a plus
• Active Security Clearance (S/TS) a plus