Fulltime Penetration Tester openings in Austin, United States on September 14, 2022

Cybersecurity Penetration Tester at HP

Location: Austin

Our IT Team is growing in numbers and capabilities! If you are passionate about IT, new ideas and solutions – Join us to embark on a diverse and exciting career path in a dynamic, high-tech environment. Our teams are creative and friendly, providing a wide range of IT-related services at HP.

What a Penetration Tester Does At HP
• The role is part of a talented team of security engineers and architects within HP Cybersecurity’s Architecture & Security Engineering team. Our security engineers are responsible for ensuring the security of HP products, solutions, and infrastructure. Our security engineers primarily perform manual testing with the assistance of automated tools to identify a complex set of vulnerabilities across a wide range of products and technologies.

Responsibilities
• Identifies HP system vulnerabilities, attacks, and threats; runs analyses on security incidents and threats; and researches appropriate countermeasures.
• Uses knowledge of the HP environment to scope the extent and impact of any vulnerability, attack or breach.
• Resolves HP security issues related to security vulnerabilities, incidents and threats through independent analysis and/or research.
• Consults development and product teams on vulnerability remediation.
• Develops, enhances and maintains HP’s security solutions based on HP security system analysis, research and incident resolution.
• Operates as a key team member on security teams and advises on methods to improve security solutions.

Individuals who do well in this role at HP usually possess:

Knowledge And Skills Required
• A manual review of the code, along with the use of automated testing tools, such as Burp Suite, is essential to locate flaws in pen testing.
• Search for weaknesses in common software, web applications and proprietary systems
• Research, evaluate, document, and discuss findings with IT teams and management
• Review and provide feedback for information security fixes
• Establish improvements for existing security services, including hardware, software, policies, and procedures
• Stay updated on the latest malware and security threats
• Advanced Cyber and IT security knowledge.
• Advanced understanding of Cyber and IT security risks, threats and prevention measures.
• Advanced understanding of relevant programming and scripting languages (Perl, Python, PowerShell, HTML, JavaScript, etc.).
• Advanced security system analysis skills.
• Advanced understanding of security standards and best practices.
• Advanced understanding of networking and network security.
• Advanced understanding of network monitoring and protocols.
• Advanced understanding of:
  • Off-the-shelf vulnerability assessment products and tools.
  • Network security devices (firewalls, proxies, NIDS/NIPS, etc.).
  • Platform and application-layer penetration testing techniques.
  • Adversary techniques, tactics, and protocols and related countermeasures.
  • Dynamic and static malware analysis techniques.
  • Network security monitoring.
  • Memory analysis techniques.
  • Malware reverse engineering techniques.
  • Digital Forensics.

Certification And Experience Required
• Technical Cyber Security Certification through one of the recognized bodies preferred: SANS, ISACA, (ISC)², CompTIA, Cisco, CERT, etc.
• 6+ years of relevant experience desired

Sustainable impact is HP’s commitment to create positive, lasting change for the planet, its people, and our communities. This serves as a guiding principle for delivering on our corporate vision – to create technology that makes life better for everyone, everywhere.

About HP

You’re out to reimagine and reinvent what’s possible—in your career as well as the world around you.

So are we. We love taking on tough challenges, disrupting the status quo, and creating what’s next. We’re in search of talented people who are inspired by big challenges, driven to learn and grow, and dedicated to making a meaningful difference.

HP is a technology company that operates in more than 170 countries around the world united in creating technology that makes life better for everyone, everywhere.

Our history: HP’s commitment to diversity, equity and inclusion – it’s just who we are.

From the boardroom to factory floor, we create a culture where everyone is respected and where people can be themselves, while being a part of something bigger than themselves. We celebrate the notion that you can belong at HP and bring your authentic self to work each and every day. When you do that, you’re more innovative and that helps grow our bottom line. Come to HP and thrive!

********

Penetration Tester/IoT at Oscar Technology

Location: Austin

Penetration Tester (IoT experience preferred) – REMOTE
Fortune 500 company is currently seeking Penetration Testers (IoT experience preferred) to join their growing team. REMOTE. Direct Hire. Must currently live in the United States.

Responsibilities:
• IoT/Embedded Device/Hardware Testing
• Network Pentesting (internal & external)
• Penetration testing of applications (web & mobile)
• Wireless Assessments
• Social Engineering
• Detailed Report Writing
• Recommending new procedures and policies on an as needed basis

Skills/Experience Preferred (not all required)
• Penetration Testing (IoT/hardware, internal/external network, web apps, mobile apps, API, cloud)
• IoT Security/Embedded Device Security
• Application Security (web & mobile)
• Network Security
• Cloud Security
• Experience with security tools (Metasploit, Burp Suite, Kali Linux, App Scan, Fortify, Inspect etc.)
• Experience with different programming languages (Python, Golang, JavaScript, C#, Java, C/C++, PHP etc.)
• Threat Modeling
• Security Architecture
• Social Engineering
• Physical Security
• Previous consulting experience
• Previous application development experience
• Security certifications:
• PNPT, OSCP, OSWP, OSEP, OSCE, OSWE, OSEE, OSED, OSMR, GXPN, GPEN, GWAPT, GCPN, GMOB, eCPPT, eCPTX, eWPT, eWPTX, eMAPT, eCXD

Company Benefits:
• Health Insurance
• PTO
• Will pay for desired training & certifications
• Bonuses

This is a fantastic opportunity to get involved with a broad range of application security technologies and environments across a number of varied clients – if this seems like the right role for you please apply now.

Oscar Associates Limited (US) is acting as an Employment Agency in relation to this vacancy.


********

Penetration Tester (mid to sr. level; must live in the U.S.) at SonicJobs

Location: Austin

Penetration Tester (mid to sr.-level; must currently live in the U.S.) – REMOTE
Fortune 500 company is currently seeking Penetration Testers to join their growing team. REMOTE. Direct Hire. Must currently live in the United States.

Responsibilities:
• Penetration testing of applications (web & mobile)
• Network Pentesting
• IoT Security/Embedded Device Security
• Threat Modeling
• Security Architecture
• Source code review
• Vulnerability assessments
• Social Engineering
• Recommending new procedures and policies on an as needed basis

Skills/Experience Preferred (not all required)
• Penetration Testing
• Application Security (web & mobile)
• Network Security
• Cloud Security
• IoT Security/Embedded Device Security
• Experience with security tools (Metasploit, Burp Suite, Kali Linux, AppScan, Fortify, Inspect etc.)
• Experience with different programming languages (Python, Golang, JavaScript, C#, Java, C/C++, PHP etc.)
• Threat Modeling
• Security Architecture
• Social Engineering
• Physical Security
• Previous consulting experience
• Previous application development experience
• Security certifications:
• PNPT, OSCP, OSWP, OSEP, OSCE, OSWE, OSEE, OSED, OSMR, GXPN, GPEN, GWAPT, GCPN, GMOB, eCPPT, eCPTX, eWPT, eWPTX, eMAPT, eCXD

Company Benefits:
• Health Insurance
• PTO
• Will pay for desired training & certifications
• Bonuses

This is a fantastic opportunity to get involved with a broad range of application security technologies and environments across a number of varied clients – if this seems like the right role for you please apply now.

Oscar Associates Limited (US) is acting as an Employment Agency in relation to this vacancy.


********

Penetration Testing Engineer at Amazon Dev Center U.S., Inc.

Location: Austin

A Bachelor’s degree in Computer Science, Cybersecurity, Customer Security, or equivalent professional experience can be used in lieu of a degree.
Minimum of 5 years of experience in source code auditing, bug hunting or CTF experience.
Minimum of 5 years of experience with manually auditing source code (One or more of: Java, Ruby, Python, JavaScript, Rust, C, others) to find security issues.
Minimum of 5 years of experience scripting in Python or other equivalent interpreted languages.
Minimum of 5 years of professional experience with security engineering practices such as in web application security, network security, authentication and authorization protocols, cryptography, automation and other software security disciplines.

Job summary
• This role is open to alternative locations including: New York, NY – Boston, MA – Seattle, WA – Vancouver, BC Canada – Herndon, VA – Arlington, VA – Baltimore, MD – San Luis Obispo, CA – San Diego, CA – Atlanta, GA

Do you enjoy reading source code and finding unique security concerns? Do you enjoy writing proof of concept code to demonstrate the potential impact of an issue? Do you enjoy protecting customers at scale? On the AWS Penetration Testing team, we enjoy doing it all.

Our team is responsible for the manual assessment of all products, services and software released by AWS. We specialize in digging deep to find security issues that static analysis tools can’t, and write the tooling to help with these goals. The AWS surface area is large and diverse, and we use results found in manual analysis to help improve our enterprise-wide automation to proactively spot and fix potential security issues to protect customers.

On this team you will be reading and manually reviewing source code in Java, Ruby, Python, JavaScript, Rust, C, and other languages to look for security bugs. You'll also be writing proof of concept software to clearly demonstrate the impact of an issue. This is not a software development engineering position, nor is it a red team position; thus you'll need to feel very comfortable reading and writing code.

Responsibilities

Manually audit the source code of web services and software authored in house by Amazon
Write proof of concept code to demonstrate the severity of a potential security issue
Provide clear communication on issues to developers that suggest and help to test the fix
Partner with AWS developers to drive improvement in application security as a result of security review engagements
Provide actionable long term risk mitigation guidance
Conduct independent vulnerability research pertaining to AWS relevant technologies

About Us

Inclusive Team Culture
Here at AWS, we embrace our differences. We are committed to furthering our culture of inclusion. We have ten employee-led affinity groups, reaching 40,000 employees in over 190 chapters globally. We have innovative benefit offerings, and host annual and ongoing learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon (gender diversity) conferences. Amazon’s culture of inclusion is reinforced within our 16 Leadership Principles, which remind team members to seek diverse perspectives, learn and be curious, and earn trust.

Work/Life Balance
Our team puts a high value on work-life balance. It isn’t about how many hours you spend at home or at work; it’s about the flow you establish that brings energy to both parts of your life. We believe striking the right balance between your personal and professional life is critical to life-long happiness and fulfillment. We offer flexibility in working hours and encourage you to find your own balance between your work and personal lives.

Mentorship & Career Growth
Our team is dedicated to supporting new members. We have a broad mix of experience levels and tenures, and we’re building an environment that celebrates knowledge sharing and mentorship. We care about your career growth and strive to assign projects based on what will help each team member develop into a better-rounded professional and enable them to take on more complex tasks in the future.

Experience with AWS technologies and services (e.g. S3, Lambda, EC2, KMS, IAM, etc.)
Experience with bug hunting, bug bounties, capture the flag, software development
Experience with multiple programming languages
Meets/exceeds Amazon’s leadership principles requirements for this role
Meets/exceeds Amazon’s functional/technical depth and complexity for this role

Amazon is committed to a diverse and inclusive workforce. Amazon is an equal opportunity employer and does not discriminate on the basis of race, ethnicity, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.

Please reach out to AWS Recruiter, Robert Cahill for more information.

Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.

********

Offensive Security Specialist/red team at Oscar Technology

Location: Austin

Offensive Security Specialist (red team experience) – REMOTE
Fortune 500 company is currently seeking Offensive Security Specialists (red team experience) to join their growing team. REMOTE. Direct Hire. Must currently live in the United States.

Job Overview:
• Plan & deliver complex simulated attacks including phishing, insider threat, physical and other scenarios
• Create novel s within client networks, not only moving through hardened environments, but doing so in a stealthy adversary simulation manner
• Understanding the latest in defensive technologies and processes including EDR, SOCs, and typical blue team operations in order to circumvent them
• Assist in research & development of new s, payload development and general red team activities
• Social Engineering
• Phishing, Vishing, Smishing
• Network Pentesting
• Wireless Assessments
• Detailed Report Writing
• Recommending new procedures and policies on an as needed basis

Skills/Experience Preferred (not all required)
• Network Penetration Testing (internal/external)
• Social Engineering
• Phishing, Vishing, Smishing
• Physical Security
• Wireless Assessments
• Experience with security tools:
Metasploit, Burp Suite, BloodHound, Cobalt Strike, BeEF (the Browser Exploitation Framework), Zed Attack Proxy (ZAP), Mimikatz, CrackMapExec, Ntlmrelayx, Nmap, Wireshark, etc.
• IoT/Embedded Device/Hardware Testing
• Application Pentesting (web, mobile, API, cloud)
• Previous consulting experience
• Experience with different programming languages:
Python, Golang, JavaScript, C#, Java, C/C++, PHP etc.
• Security certifications:
• PNPT, OSCP, OSWP, OSEP, OSCE, OSWE, OSEE, OSED, OSMR, GXPN, GPEN, GWAPT, GCPN, GMOB, eCPPT, eCPTX, eWPT, eWPTX, eMAPT, eCXD

Company Benefits:
• Health Insurance
• PTO
• Will pay for desired training & certifications
• Bonuses

This is a fantastic opportunity to get involved with a broad range of security technologies and environments across a number of varied clients – if this seems like the right role for you please apply now.

Oscar Associates Limited (US) is acting as an Employment Agency in relation to this vacancy.


********

Pentest Security Engineer, Penetration Testing at Amazon.com Services LLC

Location: Austin

A Bachelor’s degree in Computer Science, Cybersecurity, Computer Engineering, or equivalent professional experience can be used in lieu of a degree.
Minimum of 6 years of experience in source code auditing, bug hunting or CTF experience.
Minimum of 6 years of experience with manually auditing source code (one or more of: C, C++, Java, Python, JavaScript, Rust, or others) to find security issues.
Minimum of 6 years of professional experience with security engineering practices such as in web application security, network security, authentication and authorization protocols, cryptography, automation and other software security disciplines.

Job summary
Come join our offensive security team dedicated to the detection and exploitation of vulnerabilities affecting Amazon consumer devices. This includes performing low-level reviews of hardware, bootloaders, radios, secure enclaves, or OS security features of devices, service reviews including authentication mechanisms, AI, mobile, & web apps. Engineers are also encouraged to experiment with automated techniques, such as symbolic execution, fuzzing, machine learning, or static analysis.

Amazon Devices (Lab126) is an inventive research and development company that designs and engineers high-profile consumer electronics. Lab126 began in 2004 as a subsidiary of Amazon.com, Inc., originally creating the best-selling Kindle family of products. Since then, we have produced groundbreaking devices like Amazon Echo, Astro, Ring Always Home Cam Drone, Fire tablets, and Fire TV. What will you help us create?

Are you interested in being part of a top-notch security team covering all Amazon consumer devices (including hardware and low-level functionality) as well as key Amazon services supporting our devices (such as Computer Vision, Alexa, Kindle, etc.)? Do you want to be part of an offensive security team dedicated to detection and exploitation of vulnerabilities prior to launch in order to keep Amazon consumer devices and services safe? Your work directly impacts the way our customers, teams, and business across the globe get things done. If you want to keep customers safe, then we have a job for you! You can learn more about security at Lab 126 here: https://www.youtube.com/watch?v=k0UTTxzeGog.

In this role, you will be part of a dedicated team of talented security engineers performing penetration testing exercises to identify vulnerabilities. You will strive to understand systems, software, and services deeply and develop creative ways to break assumptions in order to find vulnerabilities. You care deeply about keeping Amazon customers safe and therefore are passionate about mitigating vulnerabilities/risks by providing actionable guidance to product teams and drive long term security improvements. You’re well-known for your excellent prioritization skills as well as your ability to communicate at all levels of an organization. If you’re passionate about finding security bugs, writing tools to reduce manual testing, and enjoy seeing your work’s impact across Amazon consumer products and services, then this position is for you. Candidates from entry to senior level will all be considered.

Key job responsibilities

Perform penetration testing exercises across all products, services, and software released by Amazon Lab126 and develop proof of concept exploits.
Perform vulnerability detection using variety of automated static, dynamic analysis as well as custom tooling (e.g. static analyzers, fuzzers, scanners, analyzers, etc.) to scale vulnerability detection and enable easier analysis of externally reported issues.
Review technical solutions to provide guidance to help mitigate security vulnerabilities as well as provide actionable long-term risk mitigation guidance to drive security improvements
Create tools for the discovery of vulnerabilities as well as scale security testing.
Develop detailed technical documentation describing identified vulnerabilities, associated impact as well as recommendations for guidance for communication with internal engineering stakeholders as well as leadership.

A day in the life

Perform pentests on yet-to-be-released devices or software ensuring it meets security requirements
Perform code review of a driver for a new device being launched to our customers
Write proof-of-concept code to demonstrate the impact of a security issue
Ensure high security of vendor-provided hardware (such as whether there are security flaws in its boot process, etc.)
Verify the code fixes made to address security issues
Develop scripts or tools to automate assessments of targets
Conduct independent vulnerability research on launched products or dependencies

About the team
Within the Devices and Services Security organization, the internal penetration testing team is responsible for product implementation reviews: penetration testing, fuzzing and vulnerability research. The internal penetration testing team is part of the Devices and Services Security organization, which is responsible for the entire SDLC, vulnerability management, incident response, and overall security across Amazon Consumer Devices (Kindle, Ring, FireOS, Kuiper, Alexa, eero and more).

While the majority of our Security roles are based in the US west coast, by applying to this position your application will be considered for all locations we hire for in the United States, including but not limited to: Seattle, WA; New York, NY; Bellevue, WA; Sunnyvale, CA; Austin, TX.

Our team puts a high value on work-life balance. Striking a healthy balance between your personal and professional life is crucial to your happiness and success here, which is why we aren’t focused on how many hours you spend at work or online. Instead, we’re happy to offer a flexible schedule so you can have a more productive and well-balanced life—both in and outside of work.

Our team is dedicated to supporting new members. We have a broad mix of experience levels and tenures, and we’re building an environment that celebrates knowledge sharing and mentorship. We care about your career growth and strive to assign projects based on what will help each team member develop into a better-rounded engineer and enable them to take on more complex tasks in the future.

Any of the following are preferred but not required to be considered for this role:

Master’s degree in Computer Science, Computer Engineering, Electrical Engineering or equivalent
6 years of experience scripting in Python or other equivalent interpreted languages (ruby, bash, JavaScript, Go)
4 years of development experience in C, C++, assembly (x86, x86-64, ARM) and/or Java
Experience in embedded/IoT device security or web services security specifically, with experience of performing software security audits, vulnerability discovery and analysis.
Experience with common software security vulnerabilities and methods of exploitation, such as memory corruption, privilege escalation, web application exploitation, file format vulnerabilities, protocol-based weaknesses, etc.
Experience with static and dynamic tools for vulnerability detection and exploit mitigation techniques
Product security incident response in mobile, IoT or cloud services verticals
Experience with extracting firmware, reverse engineering a variety of hardware and software, including firmware, operating systems, and applications, binary analysis and proof of concept exploit development
Knowledge of common wireless connectivity protocols with focus on protocol and implementation security vulnerabilities (e.g. Bluetooth, WiFi, 802.15.4)
Knowledge of hardware security mechanisms, including secure boot, trusted execution environments
Meets/exceeds Amazon’s leadership principles requirements for this role

Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.

********

Vulnerability Analyst at Nelnet

Location: Austin

CampusGuard, a Nelnet Company, provides information security services for campus-based organizations including higher education institutions, healthcare providers, city, county and state government agencies and hospitality markets. As a full-service information security firm, we leverage our knowledge combined with the industry standards for compliance and information security issues to provide our customers with world class information security & compliance services.

CampusGuard, a Nelnet company, provides cybersecurity and compliance services for campus-based organizations including higher education institutions, healthcare providers, state and local government agencies, utilities and hospitality markets. As a full-service firm, we leverage our knowledge combined with the industry standards for compliance and information security issues to provide our customers with world class information cybersecurity & compliance services.

The Vulnerability Analyst provides vulnerability scanning and vulnerability management consulting services using accepted standards, frameworks, and best practices including but not limited to PCI DSS, NIST SPs 800-53 and 800-171. The Vulnerability Analyst will gather and analyze customer information, configure vulnerability scans, analyze the results of the scans, determine if the results are complete and free of possible false positives, generate reports, and provide feedback on findings, with remediation recommendations included where necessary. Vulnerability Analysts provide ongoing consultation services to customers via recurring and ad-hoc meetings and email communications. The Vulnerability Analyst provides sales support in the form of participation in sales calls relevant to the vulnerability scanning service, conference attendance, collaboration with Customer Relationship Manager (CRM) partners, and other tasks as needed.

JOB RESPONSIBILITIES:

Responsibilities include, but are not limited to the following:
• Facilitate the generation of vulnerability scan reports, review for accuracy, determine if false positives exist, and provide customers feedback based on the results
• Engage in discussions with customers to provide additional remediation guidance and manual testing methods to achieve information security and compliance objectives
• Participate in annual ASV scan solution re-certification
• Manage asset inventory and updates for all scanning equipment
• Assist the Offensive Security Services team with remediation verification of penetration test findings as required
• Assist the Offensive Security Services team with system maintenance of internal systems as required
• Participate in relevant sales calls as subject matter expert
• Attend conferences as appropriate in support of the company
• Prepare and perform relevant industry-related presentations, webcasts, and/or blog posts
• This is a remote work position. Candidate must be able to work in a home office environment with minimal supervision
• All other duties as assigned

EDUCATION:
• Minimum acceptable education requirements: Bachelor's degree, and/or 3 years' experience in a security analyst, vulnerability analyst, or closely related role

Note: Candidate must agree to prepare for and pass the PCI Approved Scanning Vendor (ASV) certification within two months of hire, and any other certifications as directed by his or her manager.

EXPERIENCE :

Minimum acceptable work experience requirements: If a candidate does not satisfy any of the above education criteria or certificates, he or she must have a minimum of five years of relevant information security experience or proof of other recognized security certifications.

SKILLS/KNOWLEDGE/ABILITIES:
• Candidate must have systems administration experience (e.g., Windows and Linux)
• Candidate must have experience with vulnerability scanning software (e.g., Qualys, Tenable Nessus, Burp Suite)
• Candidate must understand network architecture and administration
• Candidate must understand security appliances and their configuration (e.g., firewalls, Intrusion detection systems, etc.)
• Candidate must be able to communicate risk effectively to customers and stakeholders within the organization
• Candidate must demonstrate attention to detail, and ability to be consistent
• Candidate must have the ability to manage projects in a fast-paced environment

COMPETENCIES:
• Understanding of vulnerability management processes
• Understanding of information systems, networks, and related security issues
• Understanding of vulnerabilities, impact and risk associated with them

For CO Residents: Salary is $55,000 and up based on experience

Our benefits package includes medical, dental, vision, HSA and FSA, generous earned time off, 401K/student loan repayment, life insurance & AD&D insurance, employee assistance program, employee stock purchase program, tuition reimbursement, performance-based incentive pay, short- and long-term disability, and a robust wellness program.

Nelnet is an Equal Opportunity Employer, complies with Executive Order 11246, and takes affirmative action to ensure that qualified applicants are employed, and that employees are treated during employment, without regard to race, color, religion/creed, national origin, gender, or sex, marital status, age, disability, use of a guide dog or service animal, sexual orientation, military/veteran status, or any other status protected by Federal or State law or local ordinance.

Qualified individuals with disabilities who require reasonable accommodations in order to apply or compete for positions at Nelnet may request such accommodations by contacting Corporate Recruiting at [Phone number shown when applying] or [Email available when viewing the job] .

Nelnet is a Drug Free and Tobacco Free Workplace.

********

Offensive Security Engineer at Cisco

Location: Austin

Please note this posting is to advertise potential job opportunities. This exact role may not be open today, but could open in the near future. When you apply, a Cisco representative may contact you directly if a relevant position opens.

What You’ll Do

As a team member of Cisco’s Advanced Security Initiatives Group, you will evaluate our products and services to identify security vulnerabilities, weaknesses, and improvements that result in more resilient and hardened offers used by our global customers. You will learn to adopt an attacker mindset using tools, techniques, and processes that emulate those used by sophisticated and motivated adversaries. You will work with amazingly creative, innovative, and collaborative security researchers to continuously develop new and constantly evolving ethical hacker skills and expansive networking product knowledge. You will partner with Cisco’s industry leading engineering teams to review the latest complex and industry leading system and application architectures, contribute to creative security solutions, and gain unparalleled access to and experience with the latest technologies. You will also have opportunities to work on independent and/or team research of advanced topics to explore and develop your own new and novel tools and ideas as part of our “Free Friday” innovation incubation process.

Who You’ll Work With

Our security team is dynamic, hardworking, fun, and high-energy, but the work is done in a very casual environment that strongly encourages a good work/life balance. Not only will you be working alongside a team of expert security researchers with a diverse spectrum of skills and experience levels, you will also be interacting with a variety of engineering teams across Cisco. Cisco ASIG cultivates an environment where every individual’s input and experience is valued. Our team prioritizes training sessions and a mentor program to surround you with experts and resources to help get you up to speed.

Who You Are

Would you enjoy finding security flaws in mission-critical systems, modeling prototype attacks that malicious users might take advantage of, and designing mitigations to thwart motivated and inventive adversaries? If you have a passion for computer security, enjoy solving difficult problems, and relish working with emerging technologies, Cisco wants you! Global ISPs, Fortune 500 companies, and world governments all depend on Cisco for critical infrastructure, and we want the best and brightest ensuring that we keep delivering rock-solid secure solutions to meet their needs.

Desired Experience
• 3+ years of security penetration testing experience, including areas like web applications, APIs, user interfaces, and embedded devices
• 3+ years of software engineering experience with C, C++, or Python/Ruby, or a commonly used programming language, with experience in secure coding/development and code analysis for vulnerabilities. Recent academic experience may qualify.

Skilled in two or more of the following areas
• Strong understanding of operating system concepts in the areas of memory management, computer architecture, or binary analysis
• 3+ years of hands on Unix experience with a solid understanding of security hardening configurations and capabilities
• 3+ years of experience with applied crypto, through implementation or analysis of crypto algorithms
• 3+ years of experience with network protocols, through implementation or analysis
• 3+ years of experience as a DevOps engineer, with a focus on DevOps security

OSCP or related industry certifications are a plus.

Other Desired Skills (and/or skills you’ll have a chance to develop)
• Applied architectural security
• Cryptographic algorithm design and review
• Operating system fundamentals and secure configuration
• Security of virtualization platforms and techniques
• Network protocol analysis and debugging
• Web protocols and API security
• Secure development practices
• Software vulnerability assessment, fuzzing, and code analysis
• Reverse engineering
• Exploit development

Job Requirements

Preferred sites Knoxville, Tennessee; Austin, Texas; or Research Triangle Park, North Carolina. Willing to consider remote.

US Citizenship is required due to the nature of the work this position will perform and the government customers with which the role will work.

Cisco is an Affirmative Action and Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis.

Cisco will consider for employment, on a case by case basis, qualified applicants with arrest and conviction records.

Why Cisco

#WeAreCisco, where each person is unique, but we bring our talents to work as a team and make a difference. Here’s how we do it.

We embrace digital, and help our customers implement change in their digital businesses. Some may think we’re “old” (30 years strong!) and only about hardware, but we’re also a software company. And a security company. A blockchain company. An AI/Machine Learning company. We even invented an intuitive network that adapts, predicts, learns and protects. No other company can do what we do – you can’t put us in a box!

But “Digital Transformation” is an empty buzz phrase without a culture that allows for innovation, creativity, and yes, even failure (if you learn from it.)

Day to day, we focus on the give and take. We give our best, we give our egos a break and we give of ourselves (because giving back is built into our DNA.) We take accountability, we take bold steps, and we take difference to heart. Because without diversity of thought and a commitment to equality for all, there is no moving forward.

So, you have colorful hair? Don’t care. Tattoos? Show off your ink. Like polka dots? That’s cool.

********

Lead information security analyst – red team at McKesson

Location: Austin

McKesson requires new employees to be fully vaccinated for COVID-19 as defined by the CDC, subject to applicable, verified accommodation requests.

Job Description :

A penetration-tester/red team member is a very hands-on representative of the information security team. Pen-testers/red teamers must understand applications, networking and various operating systems, along with tools and frameworks, and they must maintain a high level of rigor to stay up-to-date with advancements in technology while also retaining knowledge of older systems and applications that may still be in use in the enterprise.

Penetration-testers/red teamers must constantly search for system and application weaknesses to exploit, but they are also expected to maintain a level of professionalism at all times.

Essential Job Duties :
• Document and formally report testing initiatives, along with remediation recommendations and validation.
• Conduct tactical assessments that require expertise in social engineering, application security (web and mobile), physical methods, lateral movement, threat analysis, internal and external network architecture and a wide array of commercial and bring-your-own (BYO) products.
• Develop and maintain tools and scripts used in penetration-testing and red team processes.
• Regularly research and learn new TTPs in public and closed forums, and work with teammates to assess risk and implement and validate controls as necessary.
• Understand breach and attack simulation (BAS) solutions and work with the team to validate controls effectiveness.
• Perform other duties as assigned.

Qualifications :
• At least 5-7+ years experience in information security administration, offensive tactics, penetration testing and red team operations.
• Proficient in scripting languages such as Python, PowerShell, Bash and Ruby.
• Competent with testing frameworks and tools such as Burp Suite, Metasploit, Cobalt Strike, Kali Linux, Nessus, PowerShell Empire and AutoSploit.
• Experience conducting penetration-testing/red team engagements as a consultant or within a previous role in a professional organization.
• Understanding of OWASP, the MITRE ATT&CK framework and the software development lifecycle (SDLC).

Additional Skills and Experience :
• Proven trustworthiness and history of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating well.
• Self-starter requiring minimal supervision.
• Excellence in communicating business risk and remediation requirements from assessments.
• Analytical and problem-solving mindset.
• Highly organized and efficient.
• Demonstrated strategic and tactical thinking, along with decision-making skills and business acumen.

Education Requirements :
• Bachelor’s degree in computer science (preferred), information assurance, MIS or related field, or equivalent experience.

Certifications :
• Preferably, one or more of the following: OSCP, CEH

McKesson is an Equal Opportunity/Affirmative Action employer.

All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status. Qualified applicants will not be disqualified from consideration for employment based upon criminal history.

McKesson is committed to being an Equal Employment Opportunity Employer and offers opportunities to all job seekers including job seekers with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, please contact us by sending an email to …@McKesson.com. Resumes or CVs submitted to this email box will not be accepted.

Current employees must apply through the internal career site.

Join us at McKesson!

********
