Welcome to Aerstone, a place where you get to share your skills and experience with a team of high performing security professionals and in turn, improve on your own capabilities. Working together in a collaborative environment helps our business grow, but more importantly, it will help you grow. At Aerstone, we foster greatness, we champion accountability, and we value kindness.As a Penetration Tester, you will join our growing testing team and have the opportunity to support, and lead, technical testing and assessment activities including vulnerability scanning, configuration reviews, web application scanning, database scanning, observation or over the shoulder technical control interview sessions, cloud security benchmark scanning, and infrastructure as code (IaC) security analysis. You will have the chance to evaluate test results against compliance standards and conduct risk analyses of findings in order to generate detailed assessment reports to help our customers gain security assurance and secure their systems.We at Aerstone are highly committed to creating a collaborative work environment where everyone contributes and gains from our collective experiences. It is our belief that creating a culture based on synergy and the coordinated optimization of individual strengths results in mutual benefit and growth.If this is you, we welcome your interest to join us!Responsibilities:Support and lead testing of web applications and APIs for susceptibility to SQL injections, Cross-Site Scripting, and other input attacksSupport and lead technical evaluation of cloud-based applications and systems, assessing secure configurations and settings of PaaS, SaaS, and IaaS environments. This may include use of automated cloud assessment tools or industry best practices.Support and lead technical assessments of network infrastructure, servers, endpoints, and databases.Perform pre-assessment research and preparation including reconnaissance, documentation and configuration review, and customer interviews.Conduct automated credentialed vulnerability scanning against databases using commercial and open-source scanning tools.Assess compliance posture against regulatory requirements mainly including NIST SP 800-53, and may include OWASP ASVS, and ISO 27001.Conduct reviews of system configurations for identification of security weaknesses or misconfigurations.Research known vulnerabilities and manually validate scanner finding.Document security weaknesses, including steps to reproduce.Analyze security findings, including risk analysis and root cause analysis.Research and propose practical remediation.Years of Experience Required: 5+ yearsEducation Requirements: Bachelors DegreeRequired Skills/Qualifications/Certifications:Strong knowledge and experience with Linux based operating systems and Linux based testing toolsExperienced with common penetration testing tools and frameworks (Kali Linux, Metasploit, Burp Suite / ZAP, Nessus, etc.)Experienced with virtual machine platforms and remote testing solutionsExperienced with cloud computing infrastructures and cloud assessment techniques and toolsExperienced with NIST SP 800-53 controls and testing against these requirementsExperienced with testing methodologies such as NIST SP 800-115, OSSTMM, or the OWASP Testing Guide.Reliable team playerIndependent / capable of working effectively and efficiently with minimal supervisionStrong time management skillsHighly organized and detail orientedUnderstanding of Internet (HTTP, FTP, etc.) and network (SMB, TCP/IP, etc.) protocolsWorking knowledge with both Windows and Unix operating systemsTechnologist mentality (follows, learns, and applies technology trends through self-initiation)Persistent and undeterred work ethicPreferred Skills/Qualifications/Certifications:Able to properly install, configure, and run common open-source testing toolsExperience with web languages including JavaScript, PHP, Java, Swift, and .NETFamiliarity with Microsoft SQL Server and Oracle database conceptsFamiliarity with application DevOps concepts, tools, and technologiesScripting experience (Python, Bash, Ruby, PowerShell, Command Shell, etc.)Experience developing MetaSploit modules, Nessus plugins, and exploit automationRelevant certifications a plus (OSCP, OSCE, CISSP, GPEN, C|EH, Security+, Network+, etc.)Clearance:Applicants selected will be subject to a security investigation and may need to meet eligibility requirements.Compensation:At Aerstone, we value your time and wellbeing. Our benefit offerings include healthcare, retirement plan, flexible leave program, and training and certification assistance. See a little bit more about those benefits below:Health Care:Aerstone pays for 100% of the costs of Carefirst medical and pharmacy up to each employees Annual Deductible.We also offer excellent dental and vision plans through Concordia Dental and Superior Vision. Aerstone pays the premiums for employees. Aerstone also provides $50,000 in life insurance to each employee and pays the premiums for a long-term disability insurance policy.Retirement Plan:Aerstone offers a 401(k) plan through Fidelity Investments with 10% profit sharing.Flexible Leave Program:Aerstone has a flexible leave policy, which means that everyone is on their honor to put in an honest days work for an honest days pay. You take the time you need, when you need it.Training and Certification Assistance:Aerstone recognizes that technical training is an important part of professional development, and extremely valuable to the company.We have always been committed to budgeting funds for yearly employee training and encourage all employees to develop their own training plan.Possible training includes keeping current on industry or technology changes and enhancements, learning new software tools and concepts, attending industry events, earning CPE credits as required to maintain existing certifications, and achieving new certificationsEEOC:Equal Employment Opportunity has been, and will continue to be, a fundamental principle at Aerstone, where employment is based upon personal capabilities and qualifications without discrimination because of race, color, religion, sex, age, national origin, familial status, disability, veteran status, sexual orientation, health/genetic information, or any other protected characteristic as established by law.In compliance with federal EEOC regulations, the selected employee will work on a cleared contract and therefore be required to hold U.S. citizenship.
recblid j8y2akbbkwum6jepoorcebw18572rs
Not Specified
