Penetration Tester / Security Assessor

at ASM Research, An Accenture Federal Services Compan in Boise, Idaho, United States

Creates cyber-intelligence tools / methods and performs research and analysis in order to mitigate and eliminate data and cyber security risks. Designs and develops acceptance criteria for cybersecurity architecture.

+ Perform infrastructure penetration testing to discover and exploit vulnerabilities to test the effectiveness of the organizations security posture.

+ Perform web application penetration testing to identify and exploit OWASP Top 10 web application vulnerabilities.

+ Leverage threat intelligence to emulate known threat actors tactics, techniques, and procedures.

+ Partner with various cybersecurity teams to improve automation and detection of threat actors.

+ Engage with technical and non-technical audiences to articulate both techniques and results.

Minimum Qualifications

+ Bachelors Degree in Computer Science or a related field or equivalent experience.

+ 5-10 years of experience in systems security with a minimum of 2+ years in information security, penetration testing, or ethical hacking.

Other Job Specific Skills

+ Must possess demonstrated experience planning and conducting penetration tests against networks and web applications.

+ Demonstrated experience conducting vulnerability assessments and penetration tests.

+ Expertise with tools such as Bloodhound, Burp Suite, Cobalt Strike, Metasploit, and Mimikatz.

+ Hands-on experience with penetration testing tools and frameworks.

+ Portfolio of security assessments or CTF achievements (preferred).

+ Experience with network scanning, enumeration, and exploiting vulnerabilities.

+ Proficiency in Windows, Linux, and macOS environments.

+ Understanding of system hardening techniques and common misconfigurations.

+ Knowledge of programming languages like Python, Ruby, or JavaScript for creating custom scripts and exploits.

+ Familiarity with bash, PowerShell, or other scripting languages for automation.

+ Understanding of web technologies, including HTML , JavaScript, and SQL .

Preferred Skills

+ Experience in identifying and exploiting vulnerabilities in web applications, networks, and systems.

+ Familiarity with CVSS (Common Vulnerability Scoring System) and understanding how to prioritize vulnerabilities based on risk.

+ Ability to analyze and critique code for security vulnerabilities.

+ Familiarity with common vulnerabilities such as SQL injection, XSS (Cross-Site Scripting), CSRF (Cross-Site Request Forgery), and buffer overflows.

+ Strong understandin