Penetration Tester / Security Assessor

Creates cyber-intelligence tools / methods and performs research and analysis in order to mitigate and eliminate data and cyber security risks. Designs and develops acceptance criteria for cybersecurity architecture.

• Perform infrastructure penetration testing to discover and exploit vulnerabilities to test the effectiveness of the organization's security posture.

• Perform web application penetration testing to identify and exploit OWASP Top 10 web application vulnerabilities.

• Leverage threat intelligence to emulate known threat actors' tactics, techniques, and procedures.

• Partner with various cybersecurity teams to improve automation and detection of threat actors.

• Engage with technical and non-technical audiences to articulate both techniques and results.

Minimum Qualifications

• Bachelor's Degree in Computer Science or a related field or equivalent experience.

• 5-10 years of experience in systems security with a minimum of 2+ years in information security, penetration testing, or ethical hacking.

Other Job Specific Skills

• Must possess demonstrated experience planning and conducting penetration tests against networks and web applications.

• Demonstrated experience conducting vulnerability assessments and penetration tests.

• Expertise with tools such as Bloodhound, Burp Suite, Cobalt Strike, Metasploit, and Mimikatz.

• Hands-on experience with penetration testing tools and frameworks.

• Portfolio of security assessments or CTF achievements (preferred).

• Experience with network scanning, enumeration, and exploiting vulnerabilities.

• Proficiency in Windows, Linux, and macOS environments.

• Understanding of system hardening techniques and common misconfigurations.

• Knowledge of programming languages like Python, Ruby, or JavaScript for creating custom scripts and exploits.

• Familiarity with bash, PowerShell, or other scripting languages for automation.

• Understanding of web technologies, including HTML, JavaScript, and SQL.

Preferred Skills

• Experience in identifying and exploiting vulnerabilities in web applications, networks, and systems.

• Familiarity with CVSS (Common Vulnerability Scoring System) and understanding how to prioritize vulnerabilities based on risk.

• Ability to analyze and critique code for security vulnerabilities.

• Familiarity with common vulnerabilities such as SQL injection, XSS (Cross-Site Scripting), CSRF (Cross-Site Request Forgery), and buffer overflows.

• Strong understanding of network protocols, architecture, and components (e.g., TCP/IP, DNS, VPNs, firewalls, routers, switches).

Compensation Ranges

Compensation ranges for ASM Research positions vary depending on multiple factors; including but not limited to, location, skill set, level of education, certifications, client requirements, contract-specific affordability, government clearance and investigation level, and years of experience. The compensation displayed for this role is a general guideline based on these factors and is unique to each role. Monetary compensation is one component of ASM's overall compensation and benefits package for employees.

EEO Requirements

It is the policy of ASM that an individual's race, color, religion, sex, disability, age, sexual orientation or national origin are not and will not be considered in any personnel or management decisions. We affirm our commitment to these fundamental policies.

All recruiting, hiring, training, and promoting for all job classifications is done without regard to race, color, religion, sex, disability, or age. All decisions on employment are made to abide by the principle of equal employment.

Physical Requirements

The physical requirements described in "Knowledge, Skills and Abilities" above are representative of those which must be met by an employee to successfully perform the primary functions of this job. (For example, "light office duties' or "lifting up to 50 pounds" or "some travel" required.) Reasonable accommodations may be made to enable individuals with qualifying disabilities, who are otherwise qualified, to perform the primary functions.

Disclaimer

The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job.

$90k - $109k

EEO Requirements

It is the policy of ASM that an individual's race, color, religion, sex, disability, age, gender identity, veteran status, sexual orientation or national origin are not and will not be considered in any personnel or management decisions. We affirm our commitment to these fundamental policies.

All recruiting, hiring, training, and promoting for all job classifications is done without regard to race, color, religion, sex, veteran status, disability, gender identity, or age. All decisions on employment are made to abide by the principle of equal employment.