Introduction :
Information and Data are some of the most important organizational assets in today’s businesses. As a Security Consultant, you will be a key advisor for IBM’s clients, analyzing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the client's organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world.
Your Role and Responsibilities :
The CISO Cybersecurity Operations team is looking to add a penetration tester to the team. This role is highly technical, and candidates must possess a solid understanding of information security, preferably with a strong computer science background. Pen-testers/red teamers must understand applications, networking and various operating systems, along with tools and frameworks, and they must maintain a high level of rigor to stay up-to-date with advancements in technology while also retaining knowledge of older systems and applications that may still be in use in the enterprise.
Penetration-testers/red teamers must constantly search for system and application weaknesses to exploit, but they are also expected to maintain a level of professionalism at all times. The position must collaborate with others on the team for remediation and additional validation, as well as contribute to other collaborative approaches driven by the security team strategy, such as purple teaming, to enhance skillsets for both red and blue team members.
While some automated tools will be leveraged, the penetration-tester/red teamer must realize this is not solely a point-and-click role, but requires hands-on expertise with a variety tools to simulate attacker tactics, techniques and procedures (TTPs). When performing red team exercises, the penetration-tester/red teamer must strive to avoid detection. In addition to stealthy engagements, however, penetration-testers/red teamers must also participate in visible and announced assessments for new and existing services, infrastructure and applications to help the team identify weaknesses before an attacker does
*Please note that this position is Fixed Term Hire - 1 year contract
Required Professional and Technical Expertise :
- Minimum required certification: OSCP or equivalent e.g., Offensive Security Web Expert (OSWE) and Offensive Security Web Assessor (OSWA))
- Minimum of 3 preferably 5 years of “hands on” Penetration Testing Experience with operating systems, web applications and network infrastructure.
- Minimum of 3 preferably 5 years experience with using Penetration Testing Tools. e.g., NMap, Nessus, Metasploit, BurpSuite, Nito, Tcpdump.
- Administrator level knowledge of Server Operating Systems specifically Unix and Windows to test infrastructure. Well versed in Kali Linux.
- Ability to test web technologies e.g., web applications, containers, container managers.
- Sufficient technical knowledge of TCP/IP Networking/Routing, Intranet / Internet Architectures and Segregation Technologies/VLANs, Firewalls, Intrusion Detection, Intrusion Prevention, SQL Databases
- Programming ability to create, read and modify exploit code to achieve system penetration. C, C++, Java, C#, scripting knowledge is an asset.
- Ability to clearly present the penetration testing results including recommendations to fix.
Preferred Professional and Technical Expertise :
- Preferably a bachelor’s degree or College Diploma in computer science or related field
