Senior Penetration Tester - Security Consultant - Dell SecureWorks
Dell Inc.
Penetration Tester-Dell SecureWorks
Security and Risk Consulting Group
Dell SecureWorks is a market leader in information security services with more than 3,600 clients worldwide spanning North America, Latin America, Europe, the Middle East and the Pacific Rim. Organizations of all sizes, across all industries rely on Dell SecureWorks to protect their assets, improve compliance and reduce costs. The combination of strong customer service, award-winning security technology and experienced security professionals makes Dell SecureWorks the premier provider of information security services for any organization. Positioned as a leader of the MSSP industry by several global industry analyst firms, Dell SecureWorks also has received SC Magazine’s “Best Managed Security Service” award and Frost & Sullivan’s North America Security Incident Mitigation and Response Customer Value Leadership Award, among others.
Role Overview:
The Penetration Tester supports the Security and Risk Consulting (SRC) Technical Security Services Team by applying information security threat intelligence to identify and exploit vulnerabilities within our client’s environments. The focus areas for this role are one or more of the following: network testing, wireless network security, web application testing, mobile application testing, physical security, and social engineering.
Role Responsibilities:
-
Maintain working knowledge of advanced cyber threat actor tactics, techniques and procedures (TTP), and emulate these TTP to assess vulnerability and risk
-
Perform proactive research to identify and understand new threats, vulnerabilities, and exploits
-
Conduct exploitation testing using off-the-shelf or self-developed exploitation tools, and document findings for client remediation
-
Produce and deliver vulnerability and exploit information to clients in the form of briefings and reports
-
Mentor and train fellow team members in new technologies and techniques
-
Document and present on new testing methodologies to internal and external teams
-
Develop and document new post-exploitation tools and techniques for use by internal and external customers
-
Excel as both a self-directed individual contributor and as a member of a larger team
-
Availability for domestic travel and limited international travel up to 50%
-
Apply innovation to improve service efficiency and service value
-
Suggest or implement enhancements to internal systems
-
Interface with Counter Threat Unit (CTU) and Incident Response (IR) teams
-
Perform other essential duties as assigned
Company Description
With more than 100,000 team members globally, we promote an environment that is rooted in the entrepreneurial spirit in which the company was founded. Dell’s team members are committed to serving our communities, regularly volunteering for over 1,500 non-profit organizations. The company has also received many accolades from employer of choice to energy conservation. Our team members follow an open approach to technology innovation and believe that technology is essential for human success.
Background and Experience:
-
Experience with security tools such as – Nmap, Metasploit, Kali Linux, Burp Suite Pro, etc., as well as other various commercial and self-developed testing tools
-
5 years of experience leading penetration testing, application testing, and red team engagements
-
Experience with scripting languages such as python, ruby, POSIX shell, as well as familiarity with programming languages such as: C/C++/ObjC/C#, Java, PHP, or .NET
-
Understanding of:
o Web protocols (e.g., HTTP, HTTPS, and SOAP)
o Web technologies (e.g., HTML, JavaScript, XML, AJAX, JSON, and REST)
-
Experience with WLAN security concepts and testing
-
Strong technical communication skills, both written and verbal
-
Ability to explain technical security concepts to executive stakeholders in business language
Preferences:
-
Operating systems administration and internals (Microsoft Windows / Linux)
-
Understanding of TCP/IP networking at a technical level
-
Significant plusses for one or more of the following: experience in social engineering, mobile or cloud application testing, experience with disassembly and debugging tools, exploit development, runtime malware analysis, testing embedded platforms and hardware security, ICS testing experience, and cryptography or cryptanalysis
-
Presentation skills and tools (e.g., PowerPoint, Keynote, etc.)
-
Significant public security presentation experience is a plus
-
General security certifications such as CISSP or GSEC
-
OSCP/E or GIAC GPEN, GWAPT, GXPN or similar preferred
-
5+ years of professional experience in information security or related field
-
A Bachelor of Science degree in Computer Science, Computer Engineering, Electrical Engineering, or a related technical field; or equivalent professional experience
See full job details and apply at employer site