Penetration Tester / Security Assessor
ASM
Atlanta, United States of America
2 days ago
Role details
Contract type: Permanent contract
Employment type: Full-time (> 32 hours)
Working hours: Regular working hours
Languages: English
Experience level: Intermediate
Compensation: $ 109K
Job location: Atlanta, United States of America
Tech stack
HTML
JavaScript
Microsoft Windows
Apple Mac Systems
Software System Penetration Testing
Bash
Burp Suite
Computer Security
Cross-Site Request Forgery
Linux
DNS
Hypertext Transfer Protocols (HTTP)
Virtual Private Networks (VPN)
Python
Network Protocols
Open Web Application Security
Powershell
Ruby
SQL Injection
SQL Databases
TCP/IP
Web Applications
Network Routers
Scripting (Bash/Python/Go/Ruby)
Firewalls (Computer Science)
Cross-Site Scripting (XSS)
Information Technology
Metasploit
Web Technologies
Vulnerability Analysis
Programming Languages
Job description
- Perform infrastructure penetration testing to discover and exploit vulnerabilities to test the effectiveness of the organization's security posture.
- Perform web application penetration testing to identify and exploit OWASP Top 10 web application vulnerabilities.
- Leverage threat intelligence to emulate known threat actors' tactics, techniques, and procedures.
- Partner with various cybersecurity teams to improve automation and detection of threat actors.
- Engage with technical and non-technical audiences to articulate both techniques and results.

Compensation ranges for ASM Research positions vary depending on multiple factors, including but not limited to location, skill set, level of education, certifications, client requirements, contract-specific affordability, government clearance and investigation level, and years of experience. The compensation displayed for this role is a general guideline based on these factors and is unique to each role. Monetary compensation is one component of ASM's overall compensation and benefits package for employees.
Requirements
- Bachelor's Degree in Computer Science or a related field or equivalent experience.
- 5-10 years of experience in systems security with a minimum of 2+ years in information security, penetration testing, or ethical hacking.
Other Job Specific Skills
- Must possess demonstrated experience planning and conducting penetration tests against networks and web applications.
- Demonstrated experience conducting vulnerability assessments and penetration tests.
- Expertise with tools such as Bloodhound, Burp Suite, Cobalt Strike, Metasploit, and Mimikatz.
- Hands-on experience with penetration testing tools and frameworks.
- Portfolio of security assessments or CTF achievements (preferred).
- Experience with network scanning, enumeration, and exploiting vulnerabilities.
- Proficiency in Windows, Linux, and macOS environments.
- Understanding of system hardening techniques and common misconfigurations.
- Knowledge of programming languages like Python, Ruby, or JavaScript for creating custom scripts and exploits.
- Familiarity with bash, PowerShell, or other scripting languages for automation.
- Understanding of web technologies, including HTML, JavaScript, and SQL.
Preferred Skills
- Experience in identifying and exploiting vulnerabilities in web applications, networks, and systems.
- Familiarity with CVSS (Common Vulnerability Scoring System) and understanding how to prioritize vulnerabilities based on risk.
- Ability to analyze and critique code for security vulnerabilities.
- Familiarity with common vulnerabilities such as SQL injection, XSS (Cross-Site Scripting), CSRF (Cross-Site Request Forgery), and buffer overflows.
- Strong understanding of network protocols, architecture, and components (e.g., TCP/IP, DNS, HTTP, VPNs, firewalls, routers, switches).

The physical requirements described in "Knowledge, Skills and Abilities" above are representative of those which must be met by an employee to successfully perform the primary functions of this job. (For example, "light office duties" or "lifting up to 50 pounds" or "some travel" required.) Reasonable accommodations may be made to enable individuals with qualifying disabilities, who are otherwise qualified, to perform the primary functions.