Software Guidance & Assistance, Inc. (SGA) is searching for a Vulnerability/Penetration Tester - Infrastructure for a contract assignment with one of our premier financial services clients in Florence, KY.

Responsibilities
- Work with teammates to consistently learn and share advanced skills and foster team excellence.
- Document and formally report testing initiatives, along with remediation recommendations and validation.
- Conduct tactical assessments that require expertise in application security (web and mobile), physical methods, lateral movement, threat analysis, internal and external network architecture and a wide array of commercial and bring-your-own (BYO) products.
- Develop and maintain tools and scripts used in penetration-testing team processes.
- Train offensive and defensive colleagues on new TTPs and mentor junior teammates.
- Regularly research and learn new TTPs in public and closed forums, and work with teammates to assess risk and implement and validate controls as necessary.
- Arrange and provide support to business units launching new technology applications and services to verify that new products/offerings are not at risk of compromise or information leakage.
- Perform other duties as assigned.
- Bachelor's degree in computer science (preferred), information assurance, MIS or related field, or equivalent.
- At least 3 years' experience in information security administration, offensive tactics, vulnerability assessment and penetration testing, especially as related to ATM and related infrastructure, hardware and applications.
- Proficient in scripting languages such as Python, PowerShell, Bash and Ruby.
- Competent with testing frameworks and tools such as Burp Suite, Metasploit, Cobalt Strike, Kali Linux, Nessus, PowerShell Empire and AutoSploit.
- Experience conducting vulnerability assessments and penetration-testing engagements as a consultant or within a previous role in a professional organization.
- Strong operating system knowledge across *nix and Windows; proficient with networking protocols.
- Familiarity with defensive and monitoring technologies such as intrusion prevention/detection systems (IPS/IDS), security information and event management systems (SIEMs), firewalls, endpoint protection (EPP) and endpoint detection/response (EDR) tools, as well as user and entity behavior analytics (UEBA).
- Understanding of OWASP, the MITRE ATT&CK framework and the software development lifecycle (SDLC).
- Proven trustworthiness and history of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating well.
- Self-starter requiring minimal supervision.
- Excellence in communicating business risk and remediation requirements from assessments.
- Analytical and problem-solving mindset.
- Highly organized and efficient.
- Demonstrated strategic and tactical thinking, along with decision-making skills and business acumen.
- Preferably, one or more of the following: OSCP, OSCE, GPEN, GWAPT.
SGA is a Certified Women's Business Enterprise (WBE) celebrating over thirty years of service to our national client base for both permanent placement and consulting opportunities. For consulting positions, we offer a variety of benefit options including but not limited to health & dental insurance, paid vacation, timely payment via direct deposit. SGA accepts transfers of H1 sponsorship for most contracting roles. We are unable to sponsor for Right-to-Hire, Fulltime, or Government roles. All parties authorized to work in the US are encouraged to apply for all roles. Only those authorized to work for government entities will be considered for government roles. Please inquire about our referral program if you would like to submit a candidate for any of our open or future job opportunities. SGA is an EEO Employer: Race, Color, Sex, Sexual Orientation, Gender Identity, Religion, National Origin, Disability, Veteran Status, Age, Marital Status, Pregnancy, Genetic Information, or Other Legally Protected Status. To view all of our available job postings and/or to learn more about SGA please visit us online at .