The Keyavi Data Senior Penetration Tester/Red-Teamer will plan, assess and evaluate security controls to help protect the organization from security breaches and attacks against its application, infrastructure, systems and environments. The Senior Cyber Threat & Intelligence Analyst will work as part of our threat and vulnerability management operation and help the team monitor, manage, and leverage our platforms/tools to detect, protect, and respond to cyber threats.
The Senior Penetration Tester/Red-Teamer reports directly to the Chief Information Security Officer, VP of Cyber Threat & Intelligence and will assist with the implementation and management of core cyber security, threat intelligence, vulnerability management, web application security, penetration testing, red team, threat modeling, and security operation projects. The role will be required to interface with the CIO, CTO, Director of Professional Services, IT support staff, developers, and various lines of business to facilitate security testing, incident management and control updates. This position will include the evaluation of security controls, analyzing current systems for vulnerabilities, integrating into the Secure Software Development Lifecycle, and participating in the handling of security incidents.
- 3-5 years of technical experience performing vulnerability assessment, penetration testing and red team testing.
- Perform vulnerability assessments, static application security testing, dynamic application security testing, red team testing, and follow-up with appropriate lines of business about vulnerability remediation.
- Maintain a list of vulnerability remediation, recommend control improvements, respond to security events and participate in the incident response involving threats to Keyavi Data’s applications, infrastructure, systems, and end users.
- Review internal and external security and technical test reports (audit, vulnerability, and penetration test results, etc.) to validate the effectiveness of operational controls.
- Translates security testing findings into actionable items for both technical and executive audiences and brief C-Suite on remediation plans.
- Provides input and makes recommendations to the overall security operations plan.
- Strong technical competency in performing vulnerability assessments, static application security testing and dynamic application security testing.
- High-level understanding of Cloud security, threat modeling frameworks, application security and API security.
- Ability to work independently in a fast paced and dynamic team environment.
- Eagerly assumes responsibility for things that need to be done, including following up with team members and leadership on outstanding items.
- Ability to present technical findings to both technical and non technical audiences.
- Ability to prepare detailed written reports, instructions and other documentation.
- Good interpersonal, negotiation, and influencing skills with the ability to facilitate discussions around issues and bring them to resolution.
- Good analytical and problem-solving skills coupled with thoroughness and attention to detail.
- Ability to work in an environment where priorities may shift on a daily basis.
- Formal education in Cyber Security, Computer Science, or related.
- Industry professional certificates such as Certified Ethical Hacker (CEH), GIAC Penetration Tester (GPEN), GIAC Cyber Threat Intelligence (GCTI), Certified Information Systems Security Professional (CISSP), or other applicable.
- Familiarization with various frameworks to include OWASP, OSSTMM, PTES, ISSAF, STRIDE Threat Modeling, MITRE ATT&CK, MITRE Common Weakness Enumeration (CWE), OCTAVE, etc.
- Strong communication and problem-solving skills required for both helping end users and resolving issues with vendors with minimal oversight. Possess the necessary skills to effectively communicate to non-technical users.
- Ability to take ownership of problems, work alone or with others to follow them to a successful resolution.
- Ability to gather and analyze facts, draw conclusions, define problems, and suggest solutions.
- Ability to plan and manage concurrent tasks, assignments, projects, and deadlines.
- Strong organizational, administrative and documentation skills.
Please send your application to email@example.com
At Keyavi Data, we are committed to building and fostering an environment where our employees feel included, valued, and heard. Our belief is that a strong commitment to diversity and inclusion enables us to truly make commerce better for everyone.