Back to Job Search

Penetration Tester - Remote

  • Location: United States of America
  • Job Type:Contract

Posted 29 days ago

  • Expiry Date: 05 June 2023
  • Referral:

Job Description:

  • The Analyst will perform technical security activities including the following:

  • Assess incoming Bug Bounty submissions and reproduce reports to confirm validity

  • Cultivate report metadata to ensure accuracy of metrics reporting

  • Collaborate with product teams to review and process external reports

  • Provide guidance on effective vulnerability countermeasures

  • Test security bug fixes from product teams

  • Facilitate mitigation on critical bugs

  • Provide subject matter expertise on encryption, security controls, and secure programming practices across client

  • Contribute to security policy, standards, and guidelines related to Bug Bounty

  • Engage with the community to promote a positive experience for the researchers

  • Foster and maintain positive relationships between researchers and client

  • Build relationships between Security and Product teams

  • Identify opportunities to improve / add capabilities to the existing BB Program

  • Leverage Jira to track project efforts

  • Establish credibility as a trusted resource to stakeholders, colleagues, and customers across client

  • Perform vulnerability scan, analysis, validation and remediation activities.

  • Perform network and application penetration testing.

  • Validate vulnerabilities discovered through code analysis.

  • Classify and prioritize the risk of new vulnerabilities according to the specifics of client environment's risk level, mitigating factors, and assessment of the impacts of internal and external threats.

  • Research and assess new threats, vulnerability security trends and security alerts, recommend remedial action.

  • Work with customers to oversee remediation of identified security issues.

  • Perform technical and non-technical compliance activities.

  • Perform security validation for configuration settings on different systems.

  • Create ad-hoc metric requests and documentation

Min Qualifications:

  • 2 years of experience either in Web application testing, Penetration Testing or Bug-Bounty.

  • Intermediate scripting, system administration or software engineering background (e.g. Python, Ruby, Javascript, Perl, or Java).

  • Fluent in a variety of web application protocols, operating systems and networking technologies.

  • Strong understanding of common network vulnerabilities, OS vulnerabilities (Linux,

  • Windows and OSX), patching and attack patterns.

  • Intermediate understanding of OWASP Top 10 vulnerabilities such as XSS, XSRF, SQL Injection, Cookie Manipulation among others.

  • Understanding of CVSS base score methodology

  • Strong analytical, problem solving and engineering skills.

  • Good written and verbal communication skills.

  • Solid organizational skills and strong customer service skills.

  • Experience with parsing / analysis of large data sets (e.g. vulnerability scan results).

  • Positive and eager energy; motivated to gain a vast variety of knowledge

  • Genuine interest in ethical hacking, penetration testing, or other areas of offensive security as a career path

  • Punctual and responsive

  • Thoroughness in quality of work

  • Able to work after hours frequently to address critical bugs

  • Able to work in a constantly collaborative environment

Desired Qualifications:

  • Offensive Security Certified Professional (OSCP)

  • Experience with Kali Linux via VirtualBox, BurpSuite, Splunk, Jira, Mac OS, Linux

  • History of participating in Bug Bounty programs or CTFs

  • Track record of identifying and successfully submitting Bug-Bounty findings

About ASK: ASK Consulting is an award-winning technology and professional services recruiting firm servicing Fortune 500 organizations nationally. With 5 nationwide offices, two global delivery centers, and employees in 42 states-ASK Consulting connects people with amazing opportunities

ASK Consulting is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all associates.