Senior Security Consultant - Penetration Tester
True Digital Security is looking for a motivated security professional with network and web application penetration testing and assessment experience. As a Senior Penetration Tester within TRUE’s Tactical services division, your primary focus will be providing expert-level security testing services to a wide array of clients and environments. You’ll work directly with clients to design and conduct engagements including network testing, wireless, web application, phishing, and physical security. The successful candidate will be strong technically and motivated to contribute to the continued development of a growing and close-knit Tulsa-based information security organization.
- Conduct vulnerability assessment and red team penetration testing engagements for a wide variety of clients and industries
- Assess, test, and penetrate unique environments such as mobile systems, SCADA systems, power grids, and airplanes
- Stay informed of the latest attack trends and tactics
- Perform web application and wireless penetration testing
- Create and conduct phishing and social engineering campaigns
- Evaluate physical security controls and attempt to gain physical access
- Participate in a team environment to create guidance documents on industry topics
- Identify, architect, and present new service opportunities within the context of existing client relationships
- Bachelor’s or higher education degree
- Industry certifications such as CISSP, GSEC, OSCP, GPEN, CEH are a plus
- At least two (2+) years’ experience in performing web application and security penetration tests
- At least five (5+) years’ work experience in the IT, consulting, or security testing fields
- A solid understanding of IT security technologies including network and application security, firewalls, access management, and data protection
- Experience with penetration testing toolsets and frameworks (e.g., Metasploit, Kali Linux, Core Impact, Cobalt Strike)
- Experience with vulnerability scanning and analysis (e.g., Qualys, Nessus, Nexpose, Saint)
- Experience with web application vulnerability scanning tools (e.g., IBM AppScan, HP WebInspect, Acunetix, NTOSpider, Burp Suite Pro)
- Hands-on experience with scripting languages such as Python, PowerShell, or Ruby
- Able to manage project task execution independently and get all associated team members to deliver their tasks on time, without direct authority
- Experience and success in delivering client engagements on-time and within budget
- A desire to grow professionally by joining and contributing to a group of skilled consulting professionals that focus on exceeding customer expectations
- Ability to present and articulate findings to technical staff and executives
- Must be able to pass a background check
- Minimal travel required; willing to work after standard business hours and on weekends
- Malware reverse engineering experience
- Source code auditing experience with static analysis tools (e.g., IBM AppScan Source, HP Fortify)
- Experience with programming languages (e.g., Java, C, C++, .NET (C#, VB))
- Experience with web application development (e.g., ASP.NET, ASP, PHP, J2EE, JSP)
- Love for playing CTF hacking games
Applicants must be qualified to work in the U.S. True Digital Security will not sponsor applicants for employment visas.
About True Digital Security:
True Digital Security is a leading information security services & consulting firm, committed to helping our clients achieve best practices and compliance objectives, while mitigating risk. True is more than just a cybersecurity provider. We become an integral part of our clients’ teams, helping them make informed risk management decisions and enabling their businesses to operate most securely and efficiently.
Our team is comprised of industry-certified security professionals, skilled and experienced in the areas of Network Security, Application Security, Risk Management, Compliance & Audit (PCI DSS, NERC CIP, HIPAA/HITECH, FFIEC, SSAE 16/SOC 2, etc.), Managed Services and Incident Response.
We offer an excellent benefit package that includes medical, dental, vision, life & AD&D, 401(k) and a generous PTO policy.
No phone calls please.
To All Agencies:
Please, no phone calls or emails to any employee of True Digital Security outside of the Human Resources team. True Digital Security’s policy is to only accept resumes from agencies with which True Digital Security has communicated directly. Agencies must have a pre-existing, valid fee agreement in place. Agencies must have been assigned the specific requisition to which they submit resumes. Any resume submitted outside of this process will be deemed the sole property of True Digital Security. In the event that a candidate submitted outside of this policy is hired, no fee or payment of any kind will be paid.
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.