Fulltime Penetration Tester openings in Portland on September 23, 2022

Penetration Testing Engineer at Amazon Web Services (AWS)

Location: Portland

Job Summary

DESCRIPTION

Do you enjoy reading source code and finding unique security concerns? Do you enjoy writing proof of concept code to demonstrate the potential impact of an issue by demonstrating it? Do you enjoy protecting customers at scale? On the AWS Penetration Testing team, we enjoy doing it all.

Our team is responsible for the manual assessment of all products, services and software released by AWS. We specialize in digging deep to find security issues that static analysis tools can’t, and write the tooling to help with these goals. The AWS surface area is large and diverse, and we use results found in manual analysis to help improve our enterprise-wide automation to proactively spot and fix potential security issues to protect customers.

On this team, you will be reading and manually reviewing source code in Java, Ruby, Python, JavaScript, Rust, C, and other languages to look for security bugs. On this team you’ll be writing proof of concept software to clearly demonstrate impact of an issue. This is not a software development engineering nor is it a red team position, thus you’ll need to feel very comfortable reading and writing code.

Responsibilities
• Manually audit the source code of web services and software authored in house by Amazon
• Write proof of concept code to demonstrate the severity of a potential security issue
• Provide clear communication on issues to developers that suggest and help to test the fix
• Partner with AWS developers to drive improvement in application security as a result of security review engagements
• Provide actionable long term risk mitigation guidance
• Conduct independent vulnerability research pertaining to AWS relevant technologies.

Our team also puts a high value on work-life balance. Striking a healthy balance between your personal and professional life is crucial to your happiness and success here, which is why we aren’t focused on how many hours you spend at work or online. Instead, we’re happy to offer a flexible schedule so you can have a more productive and well-balanced life—both in and outside of work.

Our team is dedicated to supporting new members. We have a broad mix of experience levels and tenures, and we’re building an environment that celebrates knowledge sharing and mentorship. We care about your career growth and strive to assign projects based on what will help each team member develop into a better-rounded engineer and enable them to take on more complex tasks in the future.

Here at AWS, we embrace our differences. We are committed to furthering our culture of inclusion. We have ten employee-led affinity groups, reaching 40,000 employees in over 190 chapters globally. We have innovative benefit offerings, and we host annual and ongoing learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon (gender diversity) conferences. Amazon’s culture of inclusion is reinforced within our 14 Leadership Principles, which remind team members to seek diverse perspectives, learn and be curious, and earn trust.

Basic Qualifications
• A Bachelor’s degree in Computer Science, Cybersecurity, Customer Security, or equivalent professional experience can be used in lieu of a degree.
• Minimum of 3 years of experience in source code auditing, bug hunting or CTF experience.
• Minimum of 3 years of experience with manually auditing source code (One or more of: Java, Ruby, Python, JavaScript, Rust, C, others) to find security issues.
• Minimum of 3 years of experience scripting in Python or other equivalent interpreted languages.
• Minimum of 3 years of professional experience with security engineering practices such as in web application security, network security, authentication and authorization protocols, cryptography, automation and other software security disciplines.

Preferred Qualifications
• Experience with AWS technologies and services (e.g. S3, Lambda, EC2, KMS, IAM, etc.)
• Experience with bug hunting, bug bounties, capture the flag, software development
• Experience with multiple programming languages
• Meets/exceeds Amazon’s leadership principles requirements for this role
• Meets/exceeds Amazon’s functional/technical depth and complexity for this role

Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.

Company – Amazon Dev Center U.S., Inc.

Job ID: A2050905
Apply Here
For Remote Penetration Testing Engineer roles, visit Remote Penetration Testing Engineer Roles

********

Cybersecurity Attack & Penetration Red Team – Senior – Consulting – Location OPEN at EY

Location: Portland

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.

Cyber threats, social media, massive data storage, privacy requirements and continuity of the business as usual require heavy information security measures. As an information security specialist, you will lead the implementation of security solutions for our clients and support the clients in their desire to protect the business. You will belong to an international connected team of specialists helping our clients with their most complex information security needs and contributing toward their business resilience. You will be working with our Advanced Security Centers to access the most sophisticated tools available to fight against cybercrime.
• *The opportunity**

Our security professionals possess diverse industry knowledge, along with unique technical expertise and specialized skills. The team works together in planning, pursuing, delivering and managing engagements to assess, improve, build, and in some cases operate integrated security operations for our clients.

We will support you with career-long training and coaching to develop your skills. As EY is a global leading service provider in this space, you will be working with the best of the best in a collaborative environment. So whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.
• *Your key responsibilities**

Our security professionals possess diverse industry knowledge, along with unique technical expertise and specialized skills. The team stays highly relevant by researching and discovering the newest security vulnerabilities, attending and speaking at top security conferences around the world, and sharing knowledge on a variety of topics with key industry groups. The team frequently provides thought leadership and information exchanges through traditional and less conventional communications channels such as speaking at conferences, publishing white papers and blogging.

As part of our Penetration Testing team, you’ll identify potential threats and vulnerabilities to operational environments. Projects here could include penetration testing and simulating physical breaches to identify vulnerabilities.

Our professionals work together in planning, pursuing, delivering and managing engagements to assess, improve, build, and in some cases operate integrated security operations for our clients.
• *Skills and attributes for success**

+ Perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing.

+ Execute red team scenarios to highlight gaps impacting organizations security postures.

+ Ability to work both independently as well as lead a team of technical testers on penetration testing and red team engagements.

+ Provide technical leadership and advise junior team members on attack and penetration test engagements.

+ Identify and exploit security vulnerabilities in a wide array of systems in a variety of situations.

+ Perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations.

+ Execute penetration testing projects using the established methodology, tools and rules of engagements.

+ Convey complex technical security concepts to technical and non-technical audiences including executives.
• *To qualify for the role you must have**

+ Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, Information Technology, Engineering or a related major with a minimum of 3 years of related work experience or a Master’s degree and approximately 1-2 years of related work experience in penetration testing which includes internet, intranet, web application penetration tests, wireless, social engineering, and Red Team assessments.

+ Experience with manual attack and penetration testing.

+ Experience with scripting / programming skills (e.g., Python, PowerShell, Java, Perl etc).

+ Updated and familiarized with the latest exploits and security trends.

+ Experience to lead a technical team to conduct remote and on-site penetration testing within defined rules of engagement.

+ Familiarity to perform network penetration testing in stealth manner.

+ Any two of the following certifications: OSCP, OSWP, GPEN, GWAPT, OSCE, OSEE, GXPN.

+ A driver’s license valid in the U.S

+ Willingness and ability to travel domestically and internationally to meet client needs.

+ ?Estimated travel required up to 50%.
• *Ideally, you’ll also have**

+ Knowledge of Windows, Linux, Unix, any other major operating systems.

+ Familiarity with the latest exploits, tactics, techniques and procedures (TTP), vulnerability remediation and security trends in Cloud implementations.

+ Deep understanding of TCP/IP network protocols.

+ Deep understanding and experience with various Active Directory attack techniques.

+ Understanding of network security and popular attacks vectors.

+ An understanding of web-based application vulnerabilities (OWASP Top 10).
• *What we look for**

We’re interested in intellectually curious people with a genuine passion for cyber security. With your specialization in attack and penetration testing, we’ll turn to you to speak up with innovative new ideas that could make a lasting difference not only to us – but also to the industry as a whole. If you have the confidence in both your presentation and technical abilities to grow into a leading expert here, this is the role for you.
• *What we offer**

We offer a competitive compensation package where you’ll be rewarded based on your performance and recognized for the value you bring to our business. In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options. Under our flexible vacation policy, you’ll decide how much vacation time you need based on your own personal circumstances. You’ll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.

+ **Continuous learning:** You’ll develop the mindset and skills to navigate whatever comes next.

+ **Success as defined by you:** We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.

+ **Transformative leadership:** We’ll give you the insights, coaching and confidence to be the leader the world needs.

+ **Diverse and inclusive culture:** You’ll be embraced for who you are and empowered to use your voice to help others find theirs.
• *If you can demonstrate that you meet the criteria above, please contact us as soon as possible.**
• *The exceptional EY experience. It’s yours to build.**
• *EY | Building a better working world**

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.

Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

EY is an equal opportunity, affirmative action employer providing equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, national origin, protected veteran status, disability status, or any other legally protected basis, including arrest and conviction records, in accordance with applicable law.

EY is committed to providing reasonable accommodation to individuals with disabilities. If you are a qualified individual with a disability and either need assistance applying online or need to request an accommodation during the interview process, please call 1-800-EY-HELP3, type Option 2 (HR-related inquiries) and then type Option 1 (HR Shared Services Center), which will route you to EY’s Talent Shared Services Team or email SSC Customer Support at [Email available when viewing the job] .

CYBERFY23
Apply Here
For Remote Cybersecurity Attack & Penetration Red Team – Senior – Consulting – Location OPEN roles, visit Remote Cybersecurity Attack & Penetration Red Team – Senior – Consulting – Location OPEN Roles

********

Senior Security Consultant (Penetration Testing) at NetSPI LLC

Location: Portland

NetSPI is a dynamic cyber security company headquartered in Minneapolis. We are a recognized leader in penetration testing and attack surface management. We specialize in premier offensive security testing, delivered by security experts, through a modern and unforgettable customer experience. NetSPI is going through a period of hypergrowth and to keep up with demand we are always looking for innovative minds to join us in helping the largest organizations in the world protect their technology and data from cyber threats. If you thrive in a collaborative setting and enjoy working with best-in-class technology and people, we want to meet you!.

A day in the life of a NetSPI Senior Security Consultant:
• Perform web, mobile, and thick application penetration tests
• Perform external, internal, and wireless network penetration tests
• Create and deliver penetration test reports to clients
• Collaborate with clients to create remediation strategies that will help improve their security posture
• Research and develop innovative techniques, tools, and methodologies for penetration testing services
• Participate in the ongoing development/enhancement of NetSPI services and processes, in addition to thought leadership (via blogs, presentations, white papers, webinars, podcast, vlogs and tweets)
• Provide pre-sales support by assisting with scoping prospective engagements
• Act as a resource for internal team members as it relates to in-depth technical questions or best practices
• Responsible for QA activities in assigned service lines
• Other duties as assigned

Requirements:
• Bachelor?s degree or higher, with a focus on IT, Computer Science, Engineering or Math
• 3-5 years of experience in penetration testing, including network, web or mobile application testing
• Experience with offensive toolkits used for network and application penetration testing
• Strong communication skills, both verbal and written
• Knowledge of Linux and/or Windows administration
• Up to 10-15% travel

Preferred Qualifications:
• Programming experience in one or more of the following languages: Ruby, Python, Perl, C, C++, Java, and C#
• GXPN, GPEN, OSCP, CISSP, GWAPT or similar certifications
Apply Here
For Remote Senior Security Consultant (Penetration Testing) roles, visit Remote Senior Security Consultant (Penetration Testing) Roles

********

The Tech Career Guru
We will be happy to hear your thoughts

Leave a reply

Tech Jobs Here
Logo