Upgrade your talent by:
• Being responsible for application and infrastructure penetration testing, supporting external vulnerability reports and overall vulnerability management
• Performing penetration testing and vulnerability assessment coverage across the global organization
• Performing independent manual penetration tests of cloud and global IT infrastructure, web application, APIs, and IOT devices in our warehouse and logistics centers
• Working with external vendors when third party penetration reports are required
• Reviewing all applicable threats, discover vulnerabilities and collaborate with remediation treatment owners to remediate identified vulnerabilities.
• Preparing vulnerability data and develop comprehensive, accurate reports and presentations for both technical and executive audiences.
• Researching the latest security best practices and technologies, staying abreast of new threats and vulnerabilities and helping disseminate this information within the groups at the company
• Supporting the capabilities of our vulnerability management service including vulnerability scans, penetration tests, security assessments, application security testing, and configuration management
You’ll be a great fit if you have:
• 3+ years of strong hands-on experience in application and network penetration testing, network vulnerability assessment vulnerability risk management
• Strong understanding of vulnerabilities, common attack vectors and has attacker mindset
• Experience using vulnerability scanning software such as Nessus, teanable.io, tenable.sc, or similar
• Strong technical understanding of CVSS, OWASP Top 10, SANS top 25, and Vulnerability Exploitability ratings.
• Experience with Splunk and Splunk Enterprise Security is a plus.
• Preferred Certifications: SANS, CEH, OSCP, OSCE, OSWE, GWAPT, GPEN, GXPN, or equivalent certification, work experience, or skills.
• Knowledge of programming and the ability to automate tasks in at least one language, including but not limited to Ruby, Python, Powershell, or BASH.
• Familiar with Metasploit, Burp Suite, Nmap, and security assessment focused Linux distributions, such as Kali.