This site uses cookies. To find out more, see our Cookies Policy

Penetration Tester in Charlotte, NC at MDI Group

Date Posted: 2/7/2019

Job Snapshot

Job Description

Penetration Tester
Charlotte, NC
Contract to Hire

MDI is seeking a Penetration Tester to perform external network-level testing against company assets to include black-box testing with no prior knowledge of systems as well as white-box testing with complete knowledge of systems. Internal network-level testing will be performed on internal networks and systems. Application-level testing to involve analysis of application to identify vulnerabilities created through maintenance, configuration or architectural issues, using unauthenticated and authenticated perspectives. Extrusion testing will be done to determine how easily sensitive information can be pushed from the inside out testing DLP systems, proxies and security monitoring. Assigned tasks may include: Performing network-based security assessments • Performing security assessments on Internet-facing applications • Performing security assessments on software applications • Performing penetration tests across public networks • Performing penetration tests across internal networks • Performing assessments of physical security using social engineering • Developing testing scripts and procedures • Other security-related projects that may be assigned according to skills .

Must Have:
Must have a familiarity with vulnerability management tools such as but not limited to Qualys, McAfee Vulnerability Manager, WebInspect and Nessus. And more importantly have the ability to understand and articulate scan results. Required Skills and Education • Able to obtain a Secret clearance • OSCP or GPEN • Strong ethics and understanding of ethics in business and information security • English language written communication skills

Preferred Skills and Education • Ability to read source code (java, php and javascript primarily) • Web application penetration testing (should be very familiar with the owasp top 10) • Experience with HP Fortify, Nmap, Nessus, WebInspect, w3af, AppDetective, Burp Suite and similar tools • Able to assist in determining short term mitigation (Waf rules, signatures, etc ) and long term remediation based on the issue and tools available • Able to clearly communicate findings from automated tools and manual testing • Understanding the basic principles of agile development would be helpful. Mainly managing expectations.  


Search IT Jobs