Penetration Testing Specialist at Wells Fargo
Location: New York
About this role:
Wells Fargo is seeking a Senior Cyber Security Research Consultant that will investigate existing types of malware, analyze their capabilities, and attempt to predict new forms of malware to develop appropriate security responses.
In this role, you will:
• Lead or participate in the research, analysis, design, testing and implementation of complex computer network security and protection technologies for company information and network systems and applications
• Act as professional ethical penetration tester utilizing hacking tools to modify or create proof of concept exploits that mimic techniques of attackers to identify vulnerabilities and associate with a severity rating by deriving impact and ease of exploit
• Review and analyze advanced computer security incident response activities and technical investigations of information security related incidents or breach-related activities
• Perform tests on networking devices, appliance products and web-based applications
• Implement and develop custom penetration testing techniques and tools
• Perform security risk assessments to ensure compliance with corporate information security policies and adherence to best practices
• Provide guidance and leadership to more experienced Information Security Engineers and act as a mentor for these engineers interested in penetration testing and offensive security
• Collaborate and consult with peers, colleagues and managers to resolve issues and achieve goals
Required Qualifications, US:
• 4+ years of Cyber Security Research experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
• Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Global Information Assurance Certification (GIAC), or Web Application Penetration Tester (WAPT) certification
• Experience performing penetration tests on mobile applications
• 2+ years of Python experience
• Knowledge and understanding of vulnerability identification and remediation
• Strong analytical skills with high attention to detail and accuracy
• Knowledge and understanding of information security industry standards and government regulations
Web & Mobile application penetration testing
$115,900.00 – $206,100.00 Annual
• Information about Wells Fargo’s employee benefits
We Value Diversity
At Wells Fargo, we believe in diversity, equity and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national origin, religion, age, sexual orientation, gender identity, gender expression, genetic information, individuals with disabilities, pregnancy, marital status, status as a protected veteran or any other status protected by applicable law.
Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit’s risk appetite and all risk and compliance program requirements.
Candidates applying to job openings posted in US: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Penetration Tester at SysMind
Location: New York
• Hope you are doing great.
• This is Ashwani from Sysmind.
• Please go through the job description and let me know if you are interested in the same.
• Please reply with your updated resume and expected rate/compensation.
• Feel free to contact me on 609-897-9670 x 3528 for more information.
• Role: Penetration tester
• Job Location: NY/ NJ/ FL (Onsite From Day 1)
• Job Description:
• Perform penetration testing on network, web, mobile (both Android & iOS), thick client and ICS/SCADA devices. (Recommended to have expertise in more than 1 domain)
• Identify and exploit vulnerabilities in products under test.
• Research fuzzing tools and conduct penetration tests on a variety of Schneider Electric products via communication interfaces such as Modbus, Wi-Fi, Bluetooth, and others.
• Develop detailed PoCs, train product teams and promote security awareness.
• Support research on emerging security topics, new attack vectors and keep up-to-date Competences
• Thanks & Regards,
• Phone: 609-897-9670 x 3528
• Job Type: Contract
• Salary: $48.18 – $79.60 per hour
• New York, NY: Reliably commute or planning to relocate before starting work (Required)
• Penetration testing: 6 years (Preferred)
• Network security: 6 years (Preferred)
• Information security: 6 years (Preferred)
• Work Location: One location
Senior Cloud Penetration Tester Red Team Remote Northeast US at Mandiant
Location: New York
Company Description
Since 2004, Mandiant has been a trusted partner to security-conscious organizations. Effective security is based on the right combination of expertise, intelligence, and adaptive technology, and the Mandiant Advantage SaaS platform scales decades of frontline experience and industry-leading threat intelligence to deliver a range of dynamic cyber defense solutions. Mandiant’s approach helps organizations develop more effective and efficient cyber security programs and instills confidence in their readiness to defend against and respond to cyber threats.
Job Description
A successful Cloud Penetration Tester – Red Team at Mandiant should possess a deep understanding of both information security and computer science. They should understand basic concepts such as cloud networking, identity and access management, console, applications, functions, and other functionality and be able to learn advanced concepts such as application manipulation, exploit development, and stealth-focused operations. This is not a “press the ‘pwn’ button” type of job; this career is technical and challenging with opportunities to work in some of the most exciting areas of security consulting on extremely technical and challenging work. A typical job could be breaking into a web application hosted in the cloud, accessing sensitive information or compromising the environment, all without being detected. If you can exploit at scale while remaining stealthy, identify and exploit misconfigurations in cloud infrastructure, parse various types of output data, present relevant data in a digestible manner, think well outside the box, or are astute enough to quickly learn these skills, then you’re the type of consultant we’re looking for.
At Mandiant, you’ll be faced with complex problem-solving opportunities and hands-on testing opportunities on a daily basis. We help our clients protect their most sensitive and valuable data through comprehensive and real-world scenario testing. The objective doesn’t end at gaining “global admin” or “root”; this is expected and is only the starting point.
You are expected to quickly assimilate new information as you will face new client environments on a recurring basis. You will be expected to understand the applicable threat vectors for each environment and assess them properly. You will get to work with some of the best red teamers in the industry, enabling you to develop new skills as you progress through your career. Are you up to the challenge?
Responsibilities:
• Perform cloud penetration testing, red teaming, remediation activities, and threat analysis assessments
• Develop comprehensive and accurate reports and presentations for both technical and executive audiences
• Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
• Recognize and safely utilize attacker tools, tactics, and procedures
• Develop scripts, tools, or methodologies to enhance Mandiant’s red teaming processes
• Assist with scoping prospective engagements, leading engagements from kickoff through remediation, and mentoring less experienced staff
Qualifications
Minimum Requirements:
2-3 years experience in the following:
• Azure, AWS, GCP, and Kubernetes
• Strong knowledge of IAM, VPCs, Storage containers, Databases, Functions, Logging, APIs, etc.
• Cloud penetration testing and manipulation of cloud network infrastructure
• Cloud architecture design
• Development and usage of Terraform, Docker, Ansible, etc.
• Shell scripting or automation of simple tasks using Perl, Python, or Ruby
• Developing, extending, or modifying exploits or exploit tools
• Function code review for control flow and security flaws
• Strong knowledge of tools used for cloud and network security testing
• Thorough understanding of network protocols, data on the wire, and covert channels
• Mastery of Unix/Linux/Mac/Windows operating systems, including Bash and PowerShell
• Must be eligible to work in the US without sponsorship
Preferred Qualifications:
• Ability to successfully interface with clients (internal and external)
• Ability to document and explain technical details in a concise, understandable manner
• Ability to manage and balance own time among multiple tasks, and lead junior staff when required
• Incident Response, Incident Remediation, and Security Architecture experience
• Knowledge of cloud-based CI/CD products, such as AWS Code Pipeline, Azure DevOps, and GCP Cloud Build
• Knowledge of tools such as Terraform integrated with cloud-based CI/CD products
• Ability to travel up to 20%
Additional Information
As a U.S. federal contractor, Mandiant has adopted a COVID-19 Vaccination Policy to comply with our obligations under applicable laws and requirements. This position is covered under Mandiant’s COVID-19 Vaccination Policy and therefore proof of vaccination against COVID-19 will be required as a condition of hire.
At Mandiant we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.
This is a regionally-based role that must be located in Connecticut, Delaware, Maine, Massachusetts, New Hampshire, New Jersey, New York, Pennsylvania, Rhode Island, or Vermont
Director of Product Marketing Cybersecurity at BreachLock Inc
Location: New York
BreachLock is looking for a US based Product Marketing Professional who is passionate about Cybersecurity. As a Director of Product Marketing, you are an experienced, trusted advisor with deep domain knowledge on Vulnerability Management. In this role, you will be able to drive BreachLock’s competitive strategy, messaging strategy, produce high impactful thought leadership content, present at large conferences and webinars, and support worldwide clients and train sales team. Experience as an Industry Analyst or domain expertise in the area of vulnerability scanning and Penetration Testing is a big plus. You will be reporting into the Founder & CEO. The role is fully remote but needs the candidate to be based in the United States.
Who are we?
BreachLock is the world’s first full stack PTaaS powered by Certified Hackers and AI. We are a young and international startup headquartered in Amsterdam with hubs in New York, London and New Delhi. BreachLock has been featured in Gartner Hype Cycle 2021 and 2022 as a leading PTaaS and won several awards for their innovative and ambitious approach to disrupt the Pen Testing industry.
Some of our achievements include:
• One of the fastest-growing SaaS companies in Cyber Security.
• Featured on Bloomberg, Reuters, Forbes and RTL Z
• HOT 150 Cybersecurity companies 2021 – Cybersecurity Ventures.
• Cyber Security Innovator for Analysis and Testing category 2019 – SC Magazine.
• Featured in Top 8 Global PTaaS -Gartner Hype Cycle 2021 and 2022
We are hiring a Product Marketing professional to join our team. This role is instrumental in conceptualising and manifesting BreachLock’s messaging strategy from a Cybersecurity domain expertise perspective. This position reports to the CEO and is open to interested and qualified candidates in the US only.
• Act as a proactive and designated subject matter expert/thought leader for Offensive Security/Pen Testing as a Service, maintain competitor radar and provide deep insights into the market landscape and technical differentiation.
• Act as the focal point to develop BreachLock messaging and positioning as a thought leader in Offensive Security.
• Support Sales teams by engaging directly with clients/prospects on strategic competitive opportunities.
• Develop strategic content, data sheets and other technical material that can help streamline the sales process.
• Develop and deliver sales training that enables BreachLock to win against competitors.
• Build high impactful thought leadership collateral (whitepapers, blogs, presentations, etc.) regarding offensive security and PTaaS.
• Be the designated spokesperson for physical and virtual conferences.
• Maintain and grow analyst relations to ensure BreachLock receives mentions in various reports and white papers for its field of expertise.
• Amplify BreachLock messaging on social media in collaboration with the Marketing Team.
• At least five years of analyst, strategic sales, technical marketing experience, ideally in a cybersecurity company.
• Must have experience in having technical and strategic conversations with CxO’s.
• Must be a recognized thought leader through published articles, whitepapers, or regular presentations at large conferences or webinars.
• Have an excellent understanding of the broader security market and demonstrable experience in objection handling and positioning against competitive technologies.
• Experience in project management with strong attention to detail, logistically and operationally.
What you can expect
• You join a world class team helping to make cyberspace safer
• You will get an opportunity to test your limits in this promising startup
• Industry-standard financial benefits
• Strong career prospects in an early-stage startup
• A travel card to cover travelling cost
• Paid lunch at office
• A great start-up vibe at your workplace
Senior Security Testing Consultant at Aon Hewitt
Location: New York
Aon is looking for a Senior Security Consultant
The Proactive Security Testing team is looking for smart, energetic, and motivated individuals to add to its team. We provide a challenging and exciting work environment that offers a healthy combination of autonomy and senior level support. Our team publishes books and security blogs, delivers conference talks, contributes to open source software projects, and is engaged in a variety of continuous security research projects.
As a Senior Security Consultant, you will serve as an experienced member of the penetration testing team and be expected to:
Perform complex penetration testing projects in the realms of red teams, network penetration testing (external & internal), reverse engineering, web/mobile application penetration testing, source code review, etc.
Execute penetration testing projects according to internal testing methodology, tools, and processes.
Document technical issues identified during security assessments to articulate the risk to the client, as well as provide tailored recommendations for remediation.
Perform vulnerability research and exploit development.
Assist with internal business operations such as service line development, process improvements, and recruiting new penetration testing talent.
You Bring Knowledge and Expertise
The following are expected from potential applicants:
2 years of experience with penetration testing against web/mobile applications, above and beyond running automated tools.
2 years of experience with network/infrastructure penetration testing.
Development and/or source code review experience in Java, C#, C/C++, PHP, Ruby, Python, Go, Swift, Objective C/C++, Kotlin, etc.
Familiarity with application layer assessment tools, such as Burp Suite and other fuzzers/proxies.
A good understanding of Unix, Windows and network security skills.
Ability to work both independently and perform as a leader in a team environment.
Ability to work remotely as part of a distributed team and travel to client sites when required.
– Current travel is HIGHLY limited due to COVID-19
Excellent communication skills in English (both written and oral); able to concisely communicate security risks to both technical and business audiences.
The following skills are not required from applicants but would be considered a plus:
Degree in Computer Science, Information Systems, Engineering or related major.
Reputable security certifications, including: OSCP, OSCE, OSWE, OSEE, OSWP, GPEN, GXPN, CMWAPT
Experience working as a consultant at a reputable penetration testing company.
Experience working as part of an enterprise development team.
Experience developing custom scripts or tools used for vulnerability scanning and identification.
Experience with performing red team assessments
Experience with exploit development and reverse engineering
Experience with client/server thick client penetration testing.
Solid understanding of cryptography fundamentals.
Produced public facing research and/or delivered presentations in industry security conferences.
Bachelor’s degree or equivalent years of industry experience.
We offer you
A competitive total rewards package, continuing education & training, and tremendous potential with a growing worldwide organization.
Our Colleague
From helping clients gain access to capital after natural disasters, to creating access to health care and retirement for millions, Aon colleagues empower results for our clients, communities, and each other every day. They make a difference, work with the best, own their potential, and value one another. This is the Aon Colleague Experience, defining what it means to work izing our vision of empowering human and economic possibility.
Senior Security Engineer – Application Pentester at Sigma Computing
Location: New York
• As a member of the Security Team you will be making our service more secure while changing the way security analytics is done.
• Shifting away from expensive legacy solutions to analyzing security data directly in the data warehouse, building amazing visualizations as well as dashboards and evangelizing this solution in the community.
• You will be encouraged to blog, speak and join security events to talk about the work you are doing and how other companies can utilize it to better analyze their security data.
• Beyond security analytics you will also be pushed to solve security problems through automation (“let the robots do the work”) and become a leader in this space.
• If you’re a builder that enjoys working with cutting edge technologies, we’d love to hear from you!
You will
• In this role, you will be part of a dedicated team of talented security engineers performing application penetration testing exercises, code reviews, threat modeling to identify vulnerabilities.
• You will strive to understand systems, software, and services deeply and develop creative ways to break assumptions in order to find vulnerabilities.
• Perform vulnerability research using a variety of custom tooling and technologies.
• Write proof-of-concept code to demonstrate the impact of a security issue.
• Tracking and researching the latest attacks and how they might apply to our environments.
• Develop scripts or tools to automate assessments of targets.
• Conduct independent vulnerability research on launched applications.
• Shaping services through security review of design, architecture, and implementation.
• Build security into our SDLC, Build Threat modeling with Engineering Teams.
• Build Red Team Exercises
Qualifications
• Minimum of 5 years of experience in source code auditing, application pentesting, static and dynamic analysis, bug hunting or CTF experience.
• You are hands-on, and you can clearly articulate prioritized, actionable security work for Engineering.
• Minimum of 2 years of professional experience in Threat modeling.
• Have demonstrable history in building the application security posture at your previous companies.
• Minimum of 5 years of professional experience with security engineering practices such as in web application security, network security, authentication and authorization protocols, cryptography, automation and other software security disciplines.
• Have strong knowledge of Application Security risks, IAC within containerized and cloud environments.
• Passionate about writing and want to be an evangelist.
• You’ll need to be able to enjoy writing detailed blog posts and technical documentation.
• Building some of these solutions requires some coding exposure.
• Any past experience in typescript, Golang, or Rust is required.
• Hands-on experience in AWS, GCP or Azure.
• Good to have – Cloud Network Pentesting Experience
• Note: The world around us is changing, but we at Sigma Computing are growing and scaling.
• We raised our Series C in Dec 2021.
• With that, and us being able to 3X our revenue year on year, hiring and building out the best version of our product is priority.
• That is why we want to talk to you.
• About us: At Sigma Computing, our mission is to empower everyone to make the best possible decisions at every turn by removing the barriers that prevent people from analyzing data across sources and delivering the full spectrum of self-service cloud analytics and business intelligence.
• We recently announced a $300M Series C raise from Co-Leads D1 Capital Partners and XN, Existing Investors Sutter Hill Ventures and Altimeter Capital, and Snowflake Ventures.
• Come join us to help us be smarter and grow together!
Benefits For Our Full-Time Employees:
• Equity
• Generous health benefits
• Flexible time off policy. Take the time off you need!
• Flexible schedule, do the work you need to get done in the time you have to get it done
• At least 12 weeks of paid bonding time for all new parents
• Traditional and Roth 401k
• Commuter and FSA benefits
• Sigma Computing is an equal opportunity employer.
• We are committed to building a smart and strong team regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status.
• We look forward to learning how your experience can enable all of us to grow.
• Note: We have a hybrid work environment.
• We have safely reopened our office in SF and are following city and CDC guidelines.
• And our NYC office is close to ready for occupation!
Red Team Associate Operator/Penetration Tester at Federal Reserve System
Location: East Rutherford
Company
Federal Reserve Bank of Richmond
When you join the Federal Reserve—the nation’s central bank—you’ll play a key role, collaborating with leading tech professionals to strengthen and protect our economic, financial and payments systems. We dedicate more than $1 billion to technology each year to support the Federal Reserve and our economy, and we’re building a dynamic and diverse team for our future. Bring your passion and expertise, and we’ll provide the opportunities that will challenge you and propel your growth—along with a wide range of benefits and perks that support your health, wealth, and life. In addition to competitive compensation, we offer a comprehensive benefits package that includes tuition assistance, generous paid time off, top-notch health care benefits, child and family care leave, professional development opportunities, a 401(k) match, pension, and more. All brought together in a flexible work environment where you can truly find balance.
About the Opportunity
Our National Incident Response Team (NIRT), a national service provider for the Federal Reserve System (FRS), delivers effective and efficient national intrusion detection, incident response, security intelligence, threat assessment, and vulnerability assessment services for the FRS. NIRT’s mission is to play a leading role in the FRS’ efforts to protect its information systems against unauthorized use.
NIRT’s Adversary Emulation team has an immediate opening for an Associate Operator to join their team as a key participant on engagements and projects that will target and evaluate the cyber security posture of people, processes, and technology within the FRS. As an Associate Operator, you will report to the Sr. Manager and work on a team of security professionals focused on enabling business line initiatives by performing security assessments against people, processes, and technologies by using automated and hands-on tools that simulate attacker tactics, techniques and procedures (TTPs). You will also perform assessments for new and existing services, infrastructure, and applications to identify weaknesses before an attacker does.
You will use a variety of tools and techniques including penetration testing, red teaming, purple teaming, and social engineering and have the opportunity to combine your technical expertise with your imagination to discover innovative methods for ensuring that the FRS remains one step ahead of its adversaries around the world.
What You Will Do
• Strengthen FRS security posture through offensive security assessments including the identification and exploitation of vulnerabilities across the system
• Leverage offensive security foundational knowledge to execute cybersecurity solutions to benefit security engagements and mitigate cyber threats
• Improve operational efficiency by building and evaluating workflow processes, procedures, checklists, automation, and tooling
• Enable success of security initiatives by performing tasks to development surrounding security or technology capabilities and creating operations-based documentation
• Address cybersecurity needs by advising clients on best practices and how to implement changes to securely address complex business needs
• Execute on cross-team initiatives to implement cybersecurity improvements for recognized gaps
• Grow security capabilities to defend the FRS by working with internal and external stakeholders to execute on strategies and plans to enforce security requirements
• Identify and prioritize key risk areas balancing business risk and cyber threats via research of industry trends and business partner missions
• Assist and execute technical security assessments to identify risk, likelihood and impact an attacker may have on the System due to weak or missing controls
Qualifications:
• 3-7 years of relevant information security related work experience in areas such as: computer network defense, computer network exploitation and post-exploitation
• Bachelor’s degree or equivalent work experience
• The following certifications are highly preferred: CEH, Security +, GCIH, GSEC
• Understanding of all phases of adversary emulation operations including reconnaissance, social engineering, exploitation, post-exploitation, covert techniques, lateral movement, and data exfiltration
• Knowledgeable in offensive cybersecurity roles, such as malware development, red teaming, penetration testing (e.g., web, infrastructure, cloud), purple team exercises in cloud and on-prem environments
• Team player with interpersonal, collaborative and consultative skills
• Adept attention to detail, oral and written communications skills tailored to audiences ranging from technical subject matter expert partners to senior executive stakeholders
• Understanding client relationships, including determining needs, learning expectations, and demonstrating commitment to delivering quality results
• Familiar with scripting/programming of Python, PowerShell, or C# with the ability to create and customize tools
Other Requirements and Considerations:
Sponsorship is not available for this role. The selected candidate will be subject to a government security investigation and must meet eligibility requirements for access to classified information. The ability to obtain and maintain a National Security Clearance (Secret or Top Secret) is required for this role. US Citizenship is required to be eligible for a National Security Clearance.
A requirement of this position is that the employee must be fully vaccinated against COVID-19; individuals who are unable to be vaccinated due to a medical condition or sincerely held religious belief may request an accommodation from the Bank.
Candidates should review the to ensure compliance with conflict of interest rules and personal investment restrictions.
The Richmond, VA hiring range of the Red Team Associate Operator/Penetration Tester is $80,000 – $110,000 annually.
For candidates in certain markets (Boston, MA; Chicago, IL; Los Angeles, CA; New York City Metro Area, Philadelphia, PA; San Francisco, CA; Seattle, WA) the listed hiring and salary ranges may be adjusted based on your geographic location.
Salary offered will be based on the job responsibilities and the individual’s knowledge, skills, and experience as defined in the job qualifications.
#FRB123
Full Time / Part Time: Full time
Regular / Temporary: Regular
Job Exempt (Yes / No): Yes
Job Category: Analytical
Work Shift: First (United States of America)