What are the responsibilities and job description for the Penetration Tester position at Source Mantra Inc?
Job Description
Location: NYC, NY (Only Locals)
Duration: 6 Months
Job Description
Independently perform penetration tests on computer systems, networks, applications, and appliances.
Search for different weakness and areas of concern in configurations and throughout known
vulnerabilities/weaknesses within a network. Pinpoint different methods and entry points that attackers
may use to exploit these vulnerabilities or weaknesses. Research, analyze, document, and discuss
vulnerabilities/weaknesses found with senior leadership and cyber security teams. Conduct different
types of red and purple teaming exercises across the network to include wireless networks and other
peripheral devices. Perform Open-Source Intelligence (OSINT) gathering.
1. This role will work primarily in performing offensive security assessments (application, network,
mobile, Wi-Fi penetration testing, red teaming, specialty security assessments) and support
ongoing offensive operations and infrastructure.
2. Perform application penetration tests. Application pen tests often include thick client, API,
mobile SDK, and web applications from open, and closed box perspectives.
3. Perform network penetration tests. External, internal, and Wi-Fi network penetration testing.
Capable of penetrating multiple platforms in enterprise environments.
Skills
· Minimum of 3 years specialized experience in penetration testing or experience responding to
Advanced Persistent Threat (APT) type incidents for large enterprises as a member of an
incident response team.
· Demonstrated experience creating novel, reusable, exploits for disclosed and undisclosed
vulnerabilities.
· Well-rounded background in application, network, and system security.
· Able to conduct and speak to OSINT, social engineering, and physical pen-testing.
· Understanding of OWASP Top 10/NIST Standards.
· Familiarity with proxy tools (Burp Suite/ZAP).
· One or more of the following certifications:
o Exploit Researcher and Advanced Penetration Tester (GXPN),
o GIAC Penetration Tester (GPEN),
o Licensed Penetration Tester (LPT),
o Offensive Security Certified Expert (OSCE),
o Offensive Security Certified Professional (OSCP),
o Offensive Security Exploitation Expert (OSEE) or another comparable certification.
· Proficient experience using a scripting language such as PowerShell, Python, Ruby, or Perl for
penetration testing or incident response.
Demonstrated experience utilizing at least one or more of the following frameworks:
· Metasploit, Core Impact, Immunity Canvas, Cobalt Strike, Scythe or any similar Pen Testing tool..