Lead penetration testing engagements, manage team, and drive automation initiatives. Conduct web application, web services, network, and segmentation testing. Develop and implement new strategies and processes to enhance cyber security posture.
Job Description
Pen Test Lead - Major Media Client
Work Model: 100% Remote
Compensation: $65-$75/hr. (DOE)
Engagement Type: 6 Month Contract
- Potential FTE Conversion/Transition into management seat (if interested)
- Conversion Salary: $135k-$145k (DOE)
As a Brooksource consultant working directly with our client, you will be a W2 employee with a full-time, 40-hour work week. Comprehensive benefits (health, vision, dental), paid holidays, and sick time accrual are available to all employees on contract. Upon FTE conversion, the client's benefits package will take over.
Start Timeline: ASAP (Ideally)
Screening/Interview Process:
- Brooksource: Initial Phone Screen (10-15 mins), Teams call/internal interview (20-30 mins)
- Official Interview Process (with client): 1-2 Rounds (Virtual, hour long)
Job Overview: You will be joining a large team and will engage directly with stakeholders and various teams. This person will be responsible for supporting broadcast, Confirmed Distribution, CDN, internal content delivery, and internet live streaming technologies. The role includes providing operational support for Digital Properties and collaboration with the Cyber Operations and Application Security Teams to address any issues.
Responsibilities
- Perform Penetration Testing engagements and consultations including Web Application, Web Services, Network, and Segmentation
- Ensure ticketing system is kept up to date on a weekly basis
- Ensure processes and requirements are followed by the team and documentation is kept up to date
- Train, grow, and develop testers on the team, providing them with a learning plan and with feedback to better their skillset when prepping for an engagement, during testing, and during reporting.
- Peer review reports to ensure findings are valid, rated accurately, and are comprehensible
- Manage pen testing vendors (3 vendors), ensuring they are following process and requirements, keeping tickets up to date, and accurately prioritizing engagements
- Drive automation initiatives on the team
- Collaborate and support businesses that need further understanding of reported vulnerabilities or technical support
- Manage tooling license distribution, reporting platform, and ticketing platform
- Develop new strategies, processes, best-practices, and tools that contribute to our cyber security posture.
- Ability to work with all audiences, including the internal team, clients, defense, stakeholders, etc. to explain or support testers in meetings, present initiatives, interface with Cyber partners and businesses throughout the company.
Qualifications
- 5+ years in Penetration Testing
- Up-to-date knowledge of current security risks, vulnerabilities, and cybersecurity incidents
- Experience running end-to-end Penetration Tests and accomplishing testing objectives with minimal system impact.
- Experience operationalizing new and expanding Cyber services
- Advanced experience in scripting/source code analysis
- 1+ year coding experience in 1 or more languages such as Java, C, C++, C#, ASP.NET, PHP, JavaScript, Python, Objective-C, Android, Ruby, Perl, Bash, PowerShell
- Advanced experience with assessment tools such as Burp Suite, Nmap, Metasploit, Kali, aircrack-ng, Mimikatz, Empire, Impacket, Rubeus, ProxyChains, BloodHound
- Able to confirm open-source tools are safe for use through code review
- Heavy Experience in Windows, Unix, MacOS, AWS, Azure, GCP, Cloud
- Experience in iOS, Android
- Advanced understanding of network protocols, operating systems, cloud environments, and security architectures including TCP/IP network protocols and experience with various AD attack techniques.
- Ability to research and develop new techniques, tools, and methodologies for Penetration Testing and its processes.
- Advanced report building skills, explaining the actions taken and how a full attack was accomplished from start to finish, in detail and in an easy-to-understand manner.
- Reports contain all needed information and are rarely amiss. Reports are easily ingestible by all audience types.
- Extensive knowledge of various penetration testing methodologies and frameworks.
Nice to Have: Relevant certifications such as OSCP, OSWA, OSWP, OSWE, OSEP, OSED, GPEN, GCPN, GWAPT, GMOB, GAWN, GXPN, eWPT, eCPPT, eM, or similar are preferred.
Eight Eleven Group (Brooksource) provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, national origin, age, sex, citizenship, disability, genetic information, sexual orientation, gender identity, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state, and local laws.