• Senior Penetration Tester

    TEKsystems, Fort Mill, SC 29716

    Job #2686221231

  • TEKsystems is hiring an experienced Penetration Tester as part of the build-out of a financial client's in-house Red Team. This position will be focused on development, execution and maturation of internal penetration testing activities to supplement our existing 3rd party program, with a strong focus on web/mobile applications and APIs.

    This role is highly technical. Candidates must understand applications, networking and various operating systems, along with tools and frameworks, and they must maintain a high level of rigor to stay up to date with advancements in technology while also retaining knowledge of older systems and applications that may still be in use in the enterprise. While some automated tools will be leveraged, the penetration tester must also utilize hands-on expertise with a variety of internally and externally developed tools to simulate attacker TTPs.

    Responsibilities

    • Conduct tactical security penetration test assessments in application security (web, mobile, and APIs), internal/external networks, infrastructure, social engineering and a wide array of internally developed and commercial products.

    • Think creatively and strategically to circumvent security controls, identify vulnerabilities and develop effective solutions. Stay informed on ever-emerging and fast-changing TTPs, zero-days and remediation strategies. Develop/modify custom tooling to solve new needs.

    • Document and formally report testing initiatives, test findings, justified risk ratings, remediation recommendations and validation results in a clear and concise manner.

    • Consult with technology teams and management to present security testing results, highlight the threat presented by the results, and consult on remediation guidance.

    • Consult with defensive operations and threat intel teams on adversary TTPs to guide and improve offensive security measures.

    • Utilize knowledge of blue team/Security Operations Center (SOC), and security monitoring and response (SIEM, IDS/IPS, etc.), as well as EDR (e.g. for bypasses), overall monitoring, detection and indicators of compromise, to create effective red team activities to test these (e.g. developing/using malware, pivoting, escalating privileges, etc.). Support purple team exercises designed to build strength across disparate teams.

    • Develop and maintain tools and scripts used in penetration testing and red team processes.

    • Train offensive and defensive colleagues on new TTPs and mentor junior teammates.

    • Arrange and provide support to business units launching new technology applications and services to verify that new products/offerings are not at risk of compromise or information leakage.

    • Understand breach and attack simulation (BAS) solutions and work with the team to validate controls effectiveness.

    • When necessary, assist in purple team exercises as well as postmortem drills with a focus on measurable improvements and benchmarking to show progress (or deficiencies requiring additional attention).

    • Liaise with the security engineering team to improve tool usage and workflow, as well as with the advanced threats and assessment team to mature monitoring and response capabilities.

    About TEKsystems:

    We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company.

    The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.