Penetration Tester Consultant

THIS IS A REMOTE POSITION

RSI Security is a small organization where collaboration is not only encouraged, but expected. We value relationships within our team and are intentional to build and maintain a strong team camaraderie through virtual happy hours, daily morning meetings to help us start off on the right foot, and meetings dedicated solely to professional development topics to help us develop and grow together.

Purpose of this Position:

As a Penetration Tester, you will perform comprehensive penetration testing against other enterprise networks. The ideal candidate must have the expertise to perform web application, internal and external network penetration testing, and source code review.  In addition, this person will manage regulatory compliance testing needs and make recommendations for improvement.

Primary Duties & Responsibilities:

• Participate in pre-sales call to scope out and support sales as an SME
• Work with various project teams and project managers to build and execute a project plan
• Act as a consultant to the client as part of delivery team
• Perform various technical testing projects based on scheduled deadline and objectives
• Execute penetration tests, social engineering penetration tests, and security assessments, including internal & external networks, web and mobile applications, Windows and Linux environments, AWS architecture, IoT devices, and more.
• Create and analyze assessment documentation and reports, clearly identifying vulnerabilities and associated remediation steps.
• Develop tools and scripts to automate and improve current pentesting processes.
• Conduct new security research and work with others to develop blog posts on findings.
• Provide subject matter expertise and guidance utilizing tools and techniques to conduct cyber vulnerability and penetration testing.
• Work closely with the Project Management team and the Technical Advisory and Consulting team.
• Actively continue education and technical skill development, improving security capabilities.

Qualifications: 

• 2 years of proven experience working for cybersecurity service providers
• 2 years experience with client-facing projects proving penetration testing services
• Strong application penetration testing with a development background is preferred, but not required
• 1 year of network penetration testing experience
• Bachelor’s Degree in Information Technology, Information Security or related field.
• CISSP, CEH, and CRISC certifications.
• Well-rounded knowledge on operating systems, networks, and scripting.
• Familiarity with security testing tools (Qualys, Nexpose, SAINT, AppSpider, Metasploit, nmap, etc.).
• Experience working with basic network protocols (e.g., TCP/IP, SSH, HTTP, DNS, SMB, etc.).
• Strong knowledge of tools used for wireless, web application, and network security testing.
• Strong analytical and problem solving skills.
• Strong customer service skills.
• Excellent written & oral communication skills as well as presentation skills.
• Works with integrity and ethics.
• Security-related certifications (ISSAP, GIAC, OSCP, OSCE, GPEN, or GXPN, etc.) are highly desired, but not required.

Physical Requirements:

• Ability to sit at a desk for long periods of time. 
• Ability to clearly communicate with customers and staff through verbal and written communications. 
• Ability to type, hand write, use computers and answer phones daily.