Posted 6y ago

Senior Penetration Tester

@ Citco
Charlotte, North Carolina, United States
Onsite, Full Time
Responsibilities: Completing penetration tests, Performing risk assessments, Mentoring junior team members
Requirements Summary: Bachelor's degree in information systems or related field; professional security certifications such as CISSP, SANS GPEN or WAPT are a plus.
Technical Tools Mentioned: Tenable Security Center, Burp Suite, IBM AppScan, Core Impact
Job Description

Senior Penetration Tester (Sr. Security Analyst)

About Citco

Since the 1940s Citco has provided specialist financial services to alternative investment funds, investors, multinationals and private clients worldwide. With over 6,000 employees in 45 countries we pioneer innovative solutions that meet our clients’ evolving needs, and deliver exceptional service.

Our continuous investment in learning means our people are among the best in the industry. And our corporate social responsibility programs provide meaningful and fulfilling work in the community.

A career at Citco isn’t just a job – it’s an opportunity to excel in an environment that genuinely supports your personal and professional development.


About the Role:

The Team Lead position is responsible for completing all aspects of application/network penetration tests, risk assessments and other security activities as outlined in the Red Team charter, and for providing guidance to junior team members. The position involves working closely with development and project teams to ensure adherence to secure development processes and that applications produced by those processes are free from security vulnerabilities. Additionally, the Team Lead is tasked with providing general application and infrastructure security consultancy with regard to development best practices and the prevention and remediation of application and infrastructure vulnerabilities. Lastly, the Team Lead is responsible for mentoring, for helping advance the Red Team's knowledge and capabilities, and for process improvement. This position reports to the IT Security Manager and is a key position within the IT Security group, which is responsible for protecting the Confidentiality, Integrity and Availability of Citco data and resources.


Job Duties in Brief:

  • Complete and/or oversee penetration-testing engagements, documenting results and verifying remediation.
  • Performing manual validation of results from automated/semi-automated tests
  • Performing manual penetration test activities as needed
  • Ability to incorporate compensating controls when assessing risk level of security issues reported
  • Plan or execute social engineering and physical on-site assessments as directed
  • Experienced in use of network mapping, host enumeration and scanning tools
  • Complete project work accurately and within deadlines as required
  • Complete analysis, assess issue risk and recommend remediation strategy.
  • Coordinate with internal colleagues to follow up on vulnerability remediation.
  • Configure/oversee configuration and maintenance of network vulnerability scanner and generation of associated reports as directed.
  • Perform firewall rules review
  • Develop and maintain effective working relationships with clients and other team members.
  • Maintain and advance knowledge of security testing best practices
  • Continually review and enhance existing knowledge of attacker tactics, tools and techniques
  • Support and encourage information sharing with other team personnel.
  • Participate in providing mentoring support and guidance to team members to help grow the team's skills and capabilities.

 

About You:

  • A bachelor's degree in information systems or other related field; or equivalent work experience.
  • Professional security certifications such as CISSP, SANS GPEN or WAPT are a plus
  • Demonstrate a self-directed approach to learning and teaching other team members new technologies in the field; as well as pursuing continual professional development.
  • Strong technical acumen in securing software and hardware
  • Demonstrated experience in the use of Penetration testing tools and testing methodologies
  • Analysis of operating system, application and network architectures to identify security vulnerabilities
  • Extensive knowledge and experience of operating systems and distributions.
  • Maintain and enhance knowledge of administration, enumeration and exploitation of Windows Servers, Desktop, Active Directory and Networks.
  • Strong understanding of TCP/IP, HTTP and TLS protocols as well as wireless technologies
  • Understanding of various web methods such as AJAX, Web Services, WebSockets, REST/SOAP etc.
  • Knowledge of security issues related to many common databases including MySQL, MSSQL and Oracle
  • Experienced in application testing methodologies such as fuzzing, enumeration and various injection techniques
  • Scripting and/or programming skills in at least one language
  • Collaborates across security groups to ensure comprehensive risk discovery and remediation
  • Manages personal work engagements to meet project timelines
  • Participates in/conducts group training and skill improvement activities
  • Previous experience with Tenable Security Center, Burp Suite, IBM AppScan and Core Impact a plus


What We Offer:

  • A challenging and rewarding role in an award-winning global business.
  • Opportunities for personal and professional career development.
  • Great working environment, competitive salary and benefits, and opportunities for educational support.
  • Be part of an industry leading global team, renowned for excellence.


Confidentiality Assured.
