We are seeking an experienced Lead Pen Tester and Vulnerability Specialist to join our dynamic cybersecurity team. As the Lead Vulnerability Analyst, you will be a key player in ensuring compliance with various governance frameworks, including PCI-DSS, HIPAA, and others, by conducting approved vulnerability scans using the Qualys software suite on a schedule or as triggered, and prioritizing vulnerabilities. Your exceptional expertise in vulnerability identification, data analytics, risk prioritization, and reporting to different stakeholder groups, coupled with your familiarity with relevant regulatory and governance framework requirements, will be invaluable in preparing reports for internal and external audits. You will work closely with our team and will be responsible for effectively utilizing your skills to enhance the Vulnerability Management (VM) program.
Qualifications and Required Experience:
Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent work experience).
Industry certifications such as OSCP, OSCE, CISSP, or similar are highly desirable.
4-6 years of experience in Penetration Testing, Vulnerability Assessment, or similar cybersecurity roles.
Expertise in conducting pen testing, vulnerability scans, interpreting results, and generating detailed reports.
Strong understanding of common security frameworks and standards like OWASP Top 10, NIST, and ISO 27001.
Minimum 5 years of hands-on experience in penetration testing, vulnerability assessment, and security assessments.
In-depth knowledge of network protocols, operating systems, and application security.
Proficiency in various penetration testing tools, including Metasploit, Burp Suite, Nmap, Wireshark, etc.
Extensive experience with web application penetration testing, API testing, and mobile application security assessments.
Familiarity with compliance requirements within frameworks like PCI-DSS, HIPAA, etc., and knowledge of relevant regulations and governance frameworks related to vulnerability management.
Excellent data analytics skills and the ability to present technical findings to diverse stakeholder groups.
Responsibilities:
Conduct advanced penetration testing exercises on both internal and external systems, networks, and applications to identify and assess security vulnerabilities and potential weaknesses.
Perform pen testing and vulnerability scans using the Qualys software suite as required by governance frameworks and regulatory compliance requirements.
Generate comprehensive reports that adhere to best practices and meet the specific requirements of applicable frameworks.
Ensure proper storage of reports to facilitate timely access for audit activities and be available to address inquiries relevant to the VM program during audits.
Serve as a technical subject matter expert, applying exceptional proficiency in vulnerability identification and data analytics.
Provide expertise in interpreting the requirements of relevant regulations and governance frameworks, ensuring their integration into the VM program.
Collaborate with different stakeholder groups to communicate and present vulnerability assessment findings effectively, utilizing Qualys reports and insights.
Evaluate and provide actionable recommendations to enhance security controls, protocols, and countermeasures.
Collaborate closely with cross-functional teams to prioritize remediation efforts and actively contribute to implementing effective security solutions.
Participate in red team exercises to simulate real-world cyber-attacks and enhance the organization's incident response capabilities.
Stay up-to-date with the latest security trends, tools, and techniques and actively share knowledge and insights within the cybersecurity team.
Additional (Preferred) Experience:
Previous experience with wireless penetration testing and social engineering engagements.
Familiarity with cloud security and the assessment of cloud-based services (AWS, Azure, GCP).
Knowledge of reverse engineering, malware analysis, and threat intelligence.
Experience in conducting secure code reviews and familiarity with common programming languages (e.g., Java, Python, C#, etc.).
Contributions to the cybersecurity community, such as published research, CVEs, or open-source projects, will be considered a strong advantage.
The Methodical Group
Position: Lead Penetration Tester at The Methodical Group, Cebu, Cebu.