The Penetration Testing professional should be very proficient in vulnerability assessments, penetration testing, Red Team assessments, and professionally relaying technical vulnerabilities and their impact to technical and non-technical customers.
The consultant would perform various penetration testing assessments for Verizon's enterprise customers as an individual contributor or lead a team delivering the assessment. The assessments that would be delivered would either be remote or onsite at a customer location. For the remote assessments the consultant would telecommute from their home office connecting into Verizon's attack lab to perform assessments, or for internal assessments travel to the designated customer locations.
The consultant should be comfortable identifying vulnerabilities, exploiting vulnerabilities, performing post-exploitation activities, and explaining the path to compromise to external and internal stakeholders. The consultant should have experience performing these activities manually and also leveraging automated tools. Additionally the consultant should be proficient in one or more programming languages (Python, Perl, etc.) and comfortable developing tools and scripts to assist with delivering assessments.
As a penetration tester, you will actively exploit vulnerabilities and then then use what we find to help develop solutions that can secure the enterprise. Our assessment process includes four components:
* Discovery: Working with the customer to take stock of system elements, including networks, applications, and mobile assets. Gather key information including registration data, operating system, patch, and service version information, and system and application configurations. * Vulnerability Identification: Based on what we learn during the discovery phase, you will then take steps to challenge them. Using a variety of applicable tools, including in-house and commercially available programs, you will create a real-world scenario where you attempt to compromise system, application, and mobile security, gain unauthorized access to resources, or disrupt and exploit system services. * Exploitation: As a security expert, you will exploit vulnerabilities detected during the identification stage, to determine the level of impact to the enterprise, had someone with malicious intent attempted the same action. * Post Exploitation: If access to any vulnerable hosts is achieved, you will attempt to escalate privileges on these exploited systems and leverage this access to gain additional access into the network you are testing. During this stage multiple different cutting edge techniques will be used to identify multiple potential ways to compromise a customer's network and then provide recommendations for remediation.
In this role, you'll be responsible for:
* Provide consulting services in the discipline of vulnerability assessments and penetration testing. * Be responsible for delivery and post-delivery support. * Provide delivery of specific vulnerability assessments and penetration testing services including: * Network, System, Application, Mobile, traditional web, and wireless. * Security Source Code Review. * Secure Application Development Training. * Participate in the development of new Threat & Vulnerability practice services. * Provide presentations to clients.
What we're looking for...
You'll need to have:
* Bachelor's degree or four or more years of work experience. * Six or more years of relevant work experience. * Eight to ten years of experience in vulnerability assessment and penetration testing and ten+ years in Information Technology. * Eight to ten years of experience in performing one or more of the following: * Network * Application * Mobile application * Wireless penetration testing
* Proficient in one or more programming languages (Python or Perl). * Experience delivering penetration testing consulting engagements. * Experience in information technology/cyber security. * Red Team or Ethical Hacking experience. * Experience delivering vulnerability assessments and penetration tests. * Willingness to travel up to approximately 50% of the time.
Even better if you have:
* A degree in a technology related field. * A strong grasp of network, application, and wireless security testing to include using tools, manual testing, and various testing techniques. * Eight or more years of experience delivering penetration testing consulting engagements. * Ten or more years of experience in information technology/cyber security. * Experience delivering vulnerability assessments and penetration tests; ideally, in a consultative environment. * Experience with web and mobile application penetration testing highly. * Certification (preferred not required): OSCP/CEH/OSWP/OSCE/OSEE/OSWE/CISSP) * Written and verbal communication and formal presentation skills. * Ability to work with clients effectively.
Verizon Communications (formerly Bell Atlantic) is a company providing communications, information, and entertainment products and services.