Offensive Security Consultant - Software Guidance & Assistance
Fort Lauderdale, FL
About the Job
Software Guidance & Assistance, Inc., (SGA), is searching for an Offensive Security Consultant for a CONTRACT assignment with one of our premier Financial Services clients in Fort Lauderdale, FL OR Remote.
Responsibilities:
The Senior Infrastructure Penetration Tester/Researcher plays a vital role in Firm's Vulnerability Assessments (VA) team and is responsible for providing VA services to all Firm businesses and technology teams globally. The position will be identifying weaknesses and vulnerabilities within the Firm infrastructure and is part of a larger, global team that collectively provide VA support to all of Firm's business groups. Commercial and open source Vulnerability Assessment tools and utilities are leveraged during these assessments.
SGA is an Equal Opportunity Employer and does not discriminate on the basis of Race, Color, Sex, Sexual Orientation, Gender Identity, Religion, National Origin, Disability, Veteran Status, Age, Marital Status, Pregnancy, Genetic Information, or Other Legally Protected Status. We are committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, and our services, programs, and activities. Please visit our company EEO page to request an accommodation or assistance regarding our policy.
Responsibilities:
The Senior Infrastructure Penetration Tester/Researcher plays a vital role in Firm's Vulnerability Assessments (VA) team and is responsible for providing VA services to all Firm businesses and technology teams globally. The position will be identifying weaknesses and vulnerabilities within the Firm infrastructure and is part of a larger, global team that collectively provide VA support to all of Firm's business groups. Commercial and open source Vulnerability Assessment tools and utilities are leveraged during these assessments.
- Provide Vulnerability Assessment/Penetration Testing services to Firm businesses globally through a comprehensive testing process
- Participate in special projects ranging from tooling and methodology development, advanced penetration testing as well as architecture reviews with sister teams to "shift-left "
- Serve as an SME for Infrastructure Penetration Testing in with emerging tooling sets(Containerization, AI, CI/CD etc)
- Participate in the enhancement of testing processes and methodologies
- Participate in building custom tooling aligned with strategic initiatives
- Validation of the overall security of critical infrastructure components and applications to ensure they comply with internal policies, security architecture best practices, and industry standards
- Scan systems and applications, leverage initial results to build a subsequent attack methodology and execute effectively
- Report Information Security vulnerabilities to businesses in an actionable manner
- This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.
- Bachelor's Degree or equivalent work experience
- 3-5 years' of relevant experience required in Offensive Security with a history of gradually expanding experience including network and overall infrastructure pentesting
- Strong scripting/coding and security tooling experience(Python, Go, Bash, C++/C, Rust) ( willing to discuss if knowledge here is deep and "pentesting” is light )
- Reverse Engineering / Exploit Development
- Strong hands-on experience with Vulnerability Assessment/Enumeration tools, e.g., Tenable Nessus, Qualys VM, OSS enumeration tools
- Demonstrate hands on experience with penetration testing tools i.e. Kali suite, open-source tooling, Living Off The Land(OS), LOLBINS etc
- Deep understanding of TCP/IP, Infrastructure stacks(i.e. 3 tier, segmented environments)
- Demonstrable experience working effectively in Enterprise environments
- Understanding of defensive security principles with an ability to demonstrate offensive opportunities
- OS and Network Security Experience, e.g. Unix, Linux, Windows, Cisco, etc.
- Understanding of common protocols, e.g. DNS, SMTP, SNMP, LDAP, Routing Protocols
- Scripting (Bash, Python, etc.)
- Design experience/understanding on infrastructure/systems
- Exceptional interpersonal skills and a proven track record of working effectively with globally diverse teams
- Ability to understand new and emerging technologies rapidly to keep up with an ever changing threat landscape
- Ability to effectively document and explain exploits/vulnerabilities to technical and non-technical audiences including to senior leadership
- Demonstrable proficiency in producing comprehensive penetration testing reports with actionable recommendations
- OSCP, OSCE, GXPN, CREST preferred or similar demonstrable experience
- Threat Mapping experience is a plus
- Enterprise a big plus
SGA is an Equal Opportunity Employer and does not discriminate on the basis of Race, Color, Sex, Sexual Orientation, Gender Identity, Religion, National Origin, Disability, Veteran Status, Age, Marital Status, Pregnancy, Genetic Information, or Other Legally Protected Status. We are committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, and our services, programs, and activities. Please visit our company EEO page to request an accommodation or assistance regarding our policy.
Source : Software Guidance & Assistance
