CO Salary Range: USD 78,900.00 - 139,500.00 per year

This posting has been extended beyond the initial anticipated closing date.

JOB SCOPE
Responsible for conducting penetration testing of information systems, networks, applications, and databases for vulnerabilities and risks within technology environments. Provides simulated cyberattacks and security assessments, under general direction, to probe existing security measures for potential weaknesses and check for exploitable vulnerabilities. Maintains deep knowledge of vulnerabilities and exploits to discern how they affect different systems and network protocols and their communication with each other. Works closely with engineering and technical operations staff to plan, discover, test, and report on penetration testing engagements and identified findings.

• Perform web application penetration testing, network penetration testing, mobile application penetration testing, and source code reviews.
• Basic understanding of a software development lifecycle, scripting languages, and public and private cloud environments.
• Lead penetration testing engagements to including scoping, testing, reporting, and debriefing findings to business stakeholders.

• Demonstrate expertise with applications, operating systems, firmware, etc with regards to vulnerabilities and appropriate remediation activities to eliminate risk to the business.
• Able to work with applications, platforms, and business owners to identify scope and outline requirements for testing engagements.
• Document and create reports outlining the findings identified as part of an engagement and communicate to business stakeholders.
• Proficiency in at least one programming language (e.g., Bash, Python, PHP, Ruby) to support development of testing scripts and tools.
• Review information security trends and leverage new source for emerging threats and vulnerabilities.
• Ensures compliance with security standards, policies, and procedures.

• Adheres to industry specific local, state, and federal regulations, as applicable.

• Bachelor's degree in computer science or information Systems or related field or equivalent experience
• Minimum of Four (4) years of IT/network Operations/Support
• At least Four (4) year of Information Security Operations

• Strong knowledge of Microsoft Office tools, especially Excel, Word, Visio, and Power Point with the ability to document, prepare and present data driven summaries.
• Contribute to the development of the penetration testing methodologies, testing capabilities and practices, and engagement deliverables within the security operations team.
• Experience with open-source security testing standards and projects, such as OWASP, OSSTMM, NIST 800-115, and/or PTES.
• Strong knowledge of network and application testing technologies and tools, such as Burp Suite, OWASP ZAP, Metasploit, Kali Linux Suite, Postman, and others.
• Working knowledge of TCP/IP and advanced host and network security administrative and technical controls.
• Demonstrated capabilities with the ability to work across functional boundaries, build consensus and drive results.
• Strong written and verbal communication skills and should have good presentation skills.
• Must be a problem solver, able to balance competing priorities, have a strong process orientation and be able to manage through complexity and rapid change.

• Experience in a security operations support role performing penetration testing or similar.
• Experience with penetration testing tools such as: Burp Suite, Kali Linux Suite, OWASP Zap.
• Current security certifications, such as CompTIA Security+, CISSP, CEH, and SANS GIAC.