Senior Consultant, Penetration Tester
As a trusted advisor and leader in cybersecurity, Coalfire has more than 15 years in the IT security services field. We empower organizations to reduce risk and simplify compliance, while minimizing business disruptions. Our professionals are renowned for their technical expertise and unbiased assessments and advice. We are on the cutting edge of one of the world’s most important industries, and we protect our clients from ever-evolving security threats through our innovative advisory, auditing and ethical hacking solutions.
Coalfire is composed of highly specialized security testers with a passion for enhancing system security postures. Our team members actively participate in the information security community and have released toolsets, blog posts, and whitepapers. Our team members have presented at numerous industry conferences, including BlackHat, DefCon, ShmooCon, BlueHat, DerbyCon, 44CON, and numerous BSides, about offensive and defensive operations as well as the tools and capabilities we create and share. Come join an amazing technical security team who makes a difference in the information security industry and consistently pushes the limit of offensive and defensive security capabilities. We're currently seeking a Sr. Penetration Tester to join our team.
What you’ll do:
- Conduct network and web application penetration testing, code reviews, social engineering, red team engagements, and physical security assessments
- Conduct security assessments on a wide variety of technologies and implementations
- Simulate sophisticated cyberattacks for clients worldwide
What you’ll bring:
- 3+ years’ experience in information security with web application and network penetration testing experience
- Hands-on experience with two or more scripting languages such as Python, PowerShell, Shell, or Ruby
- Deep experience engaging clientele in consulting-related environments
- Experience leading or participating in Red Team engagements
- Reverse engineering malware, data obfuscators or ciphers
- An aptitude for technical writing, including assessment reports, presentations and operating procedures
- Strong understanding of security principles, policies and industry best practices
- Ability to travel up to 20%
- An advanced degree in an IT-related field
- Familiarity with Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), and National Institute of Standards and Technology (NIST) Special Publications
- Experience with API testing and Mobile Application testing
- Working knowledge of defensive security techniques and technologies
- Experience in exploit development
- CISSP, OSCP/E, GWAPT, GPEN, or GXPN certification(s)
- Familiarity with debuggers and disassemblers
Why you’ll want to join us?
Our people make Coalfire great. We work together on interesting projects and achieve exceptional results. We act as trusted advisors to our customers and are committed to client and industry innovation. We offer our people the chance to grow professionally with colleagues they like and respect while tackling challenges that stretch their minds and expand their skill sets. We’re connected by our desire to innovate and our goal to make the world a more secure place.
Coalfire’s high-energy, challenging, and fast-paced work environment will keep you engaged and motivated. Work-life balance is a core priority at Coalfire – we work hard and we play hard, and the two often overlap. We host family-friendly events and happy hours along with professional meetups and informal networking sessions, and we’re active in our communities. Plus, we offer great benefits, including:
- Health, dental, and vision insurance with an employer contribution
- Flexible paid time off (employees are encouraged to spend four weeks away from the office each year)
- A generous 401(k) plan
- A corporate wellness program
- Tuition reimbursement
- A kitchen stocked with snacks, coffee, and tasty beverages!
Coalfire is an EEO employer.
Coalfire Systems, Inc.
IT Audits and Risk Assessments, Penetration Testing, PCI-DSS / PA-DSS Compliance Assessments, HIPAA / HITECH / HITRUST Assessments, FFIEC Controls Assessments, Internal / External Vulnerability Scans (ASV Services), FISMA / FedRAMP 3PAO Advisory and Assessments
Company Type: Privately Held
Company Size: 201-500