Penetration Tester

Job description

Key Responsibilities

• Conduct formal vulnerability assessments and penetration tests of networks, systems, web-based applications, and other types of information systems on a regular basis.
• Execute tests independently or work as part of testing team, taking direction from the Penetration Testing Manager and executing directives in a thorough and timely fashion
• Work on improvements for provided security services, including the continuous enhancement of existing methodology material and supporting assets.
• Perform security reviews of application designs, source code and deployments as required, covering all types of applications (web application, web services, SaaS PaaS and IaaS.)
• Manage required 3rd party commercial and federal penetration tests.
• Assist in Risk identification and validation.
• Assist with any ad-hoc testing that is requested from the Penetration Testing team.

SOCBM
CLDSFT5K
Auto req ID

166827BR
Required Education

Associate's Degree/College Diploma
Role ( Job Role )

Security Services Specialist
State / Province

TEXAS
Primary job category

Technical Specialist
Company

(0147) International Business Machines Corporation
Contract type

Regular
Employment Type

Full-Time
ERBP

Yes
Is this role a commissionable/sales incentive based position?

No
Travel Required

No Travel
IBM Business Group

W&CP
Preferred Education

Bachelor's Degree
City / Township / Village

DALLAS
EO Statement

IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.
Required Technical and Professional Expertise

• Minimum of 2 years performing penetration testing in a commercial/business/federal setting.
• Familiarity and experience with web application pentesting.
• Possess good writing and communications skills, to include the ability to render concise reports, summaries, and formal oral
presentations.
• Knowledgeable in common cyber threat terminology, methodologies, possess basic understanding of cyber incident and response, and related current events.
• Familiar with scripting languages, Python, BASH, Powershell, Ruby, etc.
• Familiarity with penetration testing lifecycle

Country/Region

United States
Preferred Technical and Professional Experience

• Familiarity with the following protocols: ARP, DHCP, DNS, DSN, FTP, HTTP, IMAP, ICMP, IDRP, IP, IRC, NFS, POP3, PAR, RLOGIN, SMB, SMTP, SSL, SSH, TCP, TELNET, UDP. Strong knowledge of Windows® Internals, Windows® Application Programming Interfaces (API), Portable Executable (PE) formats, Windows® Registry, and security models.
• Security+ and CEH
• OSCP, GPEN, GWAPT, LPT, GCIH
• Experience with dynamic source code analysis
• Extensive experience with Tenable Nessus
• Experience with Core Impact
• Experience with IBM Appscan
• 5 years' experience
• Bachelor's Degree related to position
Eligibility Requirements

·  None
Position Type

Professional
Early Professional Track

Not Applicable - Professional Hire