• Conduct formal vulnerability assessments and penetration tests of networks, systems, web-based applications, and other types of information systems on a regular basis.
• Execute tests independently or work as part of testing team, taking direction from the Penetration Testing Manager and executing directives in a thorough and timely fashion
• Work on improvements for provided security services, including the continuous enhancement of existing methodology material and supporting assets.
• Perform security reviews of application designs, source code and deployments as required, covering all types of applications (web application, web services, SaaS PaaS and IaaS.)
• Manage required 3rd party commercial and federal penetration tests.
• Assist in Risk identification and validation.
• Assist with any ad-hoc testing that is requested from the Penetration Testing team.
Required Technical and Professional Expertise
• Minimum of 2 years performing penetration testing in a commercial/business/federal setting.
• Familiarity and experience with web application pentesting.
• Possess good writing and communications skills, to include the ability to render concise reports, summaries, and formal oral
• Knowledgeable in common cyber threat terminology, methodologies, possess basic understanding of cyber incident and response, and related current events.
• Familiar with scripting languages, Python, BASH, Powershell, Ruby, etc.
• Familiarity with penetration testing lifecycle
Preferred Tech and Prof Experience
• Familiarity with the following protocols: ARP, DHCP, DNS, DSN, FTP, HTTP, IMAP, ICMP, IDRP, IP, IRC, NFS, POP3, PAR, RLOGIN, SMB, SMTP, SSL, SSH, TCP, TELNET, UDP. Strong knowledge of Windows® Internals, Windows® Application Programming Interfaces (API), Portable Executable (PE) formats, Windows® Registry, and security models.
• Security+ and CEH
• OSCP, GPEN, GWAPT, LPT, GCIH
• Experience with dynamic source code analysis
• Extensive experience with Tenable Nessus
• Experience with Core Impact
• Experience with IBM Appscan
• 5 years’ experience
• Bachelor’s Degree related to position
IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.