Penetration Tester

<strong>We&rsquo;ve spent the past 20 years pushing the boundaries of traditional business. Though we&rsquo;ve evolved from an equipment dealership into an IT and managed services provider, our goal remains the same: to provide world-class customer experiences for the companies who are often ignored by big enterprises. To do this, we need top talent, skilled specialists, and the hardest of workers looking to build successful careers at Impact.<br /><br /><a href="https://www.impactmybiz.com/managed-services/cybersecurity/" target="_blank" rel="noopener noreferrer">Learn more about our Managed Cybersecurity Services</a><br /></strong>

Lake Forest, IL

Impact

<div class="about-us-description ng-binding"> <div class="fusion-text"> <h4 class="fusion-responsive-typography-calculated" style="padding-left: 30px;" data-fontsize="24" data-lineheight="31.92px"><strong>Building the people who build the business.<br /><br />We&rsquo;ve spent the past 20 years pushing the boundaries of traditional business. Though we&rsquo;ve evolved from an equipment dealership into an IT and managed services provider, our goal remains the same: to provide world-class customer experiences for the companies who are often ignored by big enterprises. To do this, we need top talent, skilled specialists and the hardest of workers looking to build successful careers at Impact.&nbsp;</strong></h4> </div> <div class="fusion-text"> <h4 style="padding-left: 30px;"><strong>Whether you&rsquo;re looking for a fresh start, a career change or the chance to use your experience to make a difference, you&rsquo;re welcome at Impact. With 700 employees and 18 locations spread across the Midwest and West Coast, we are committed to empowering each individual with education, training and the support needed to compete and succeed, and change the way our customers do business.</strong></h4> <h4 style="padding-left: 30px;"><strong>The world of technology shows no signs of slowing down, and neither do we. Think you can keep up? Apply today!</strong></h4> </div> </div> https://vizi.vizirecruiter.com/Impact-2824/index.html

keywords: managed security,technical skillset,client experience,career,support,analysis,risk audit,on-boarding,penetration testing,knowledge,education,strategy building,license

N/A

Overview: <p>Impact Networking is seeking cybersecurity professionals with solid IT and security knowledge to provide customer service centric assessments and ongoing support. The Impact Networking Managed IT Security division (MITSec) is a cybersecurity division responsible for assessing, implementing solutions, and supporting client environments ranging in size from 10-1000 users via security solutions. Impact partners with clients to improve security programs through solution monitoring, training, and advisory services.</p> <p>&nbsp;</p> <p>The role of the Penetration Tester is challenging and rewarding. It requires a strong technical skill set, as well as business acumen and interpersonal skills. Being able to break down highly technical concepts to non-technical users is critical to client success. The overall focus of the job at Impact is always excellent customer service. We strive to ensure that our clients are happy, and that their networks are secure and running optimally.</p>
Responsibilities: <p>The Penetration Tester will perform the following tasks:</p> <ul> <li><strong>Pre-Sales</strong> <ul> <li>Working with a Business Development Specialist, you will act as a security subject matter expert in prospective client engagements. This is a supporting role to help identify the specific compliance and security needs of the client.</li> <li>Conduct pre-assessment interviews to determine client engagement with cybersecurity: current resources, knowledge, systems already in place, etc.</li> </ul> </li> <li><strong>Risk Audit</strong> <ul> <li>This process often includes an infrastructure focused penetration test on the internal and external attack surfaces for organizations in which Penetration Testers attempt to gain privileged access to systems, perform lateral movement, and demonstrate persistent access. Risk Audits may also include several other components. Social engineering tests which designed to measure the level of security awareness of the client&rsquo;s staff. And web application penetration testing in which the Penetration Tester tests vulnerabilities and misconfigurations in attempts to gain access to restricted resources.</li> <li>The Penetration Tester must analyze the data to produce a comprehensive report which outlines findings and recommendations.</li> <li>Conduct Risk Audit review meetings in which reports will be delivered to clients. Penetration Testers will be expected to effectively explain their findings and recommendations to technical, executive, and legal members of the client&rsquo;s team during a Risk Audit review meeting.</li> </ul> </li> <li><strong>Onboarding</strong> <ul> <li>Implement the recommendations made during the Risk Audit process. This requires the technical skills to implement the core security stack.</li> <li>Determine maintenance requirements for the client. This includes ongoing vulnerability management, re-occurring penetration testing, systems monitoring and analysis, and plans to upgrade.</li> </ul> </li> </ul> <p><strong>&nbsp;</strong></p> <p>Penetration Testers perform other duties such as developing new attack strategies and creating tools to support team activities. Penetration testers are also expected to learn and share new skills through independent research, formal training, team collaboration, and community events.</p>
Requirements: <p>Qualifications:</p> <ul> <li>Comfortable working with sales team members in client-facing meetings</li> <li>Functional understanding of operating systems, networks, and IT architecture</li> <li>Experience performing penetration tests against at least two of the following: external networks, internal networks, web applications, cloud platforms, mobile applications, social engineering, phishing, physical security, wireless networks</li> <li>Experience analyzing vulnerabilities and demonstrating attacks against found security flaws</li> <li>Effective at communicating findings and mitigation strategies to clients including technical staff, executive leadership, and legal counsel</li> <li>Experience with open source tools used for security testing such as nmap, impacket, Bloodhound, OpenVAS, Burp Suite, Metasploit, nmap, etc.</li> <li>Experience in designing secure networks, systems, and application architectures</li> <li>A solid understanding of security controls such as: <ul> <li>Security information and event management (SIEM)</li> <li>Network detection and response (NDR)</li> <li>Endpoint antimalware (EDR/MDR)</li> <li>Firewalls/UTMs</li> <li>Web application firewalls (WAFs)</li> <li>Content filters and proxies</li> <li>Enterprise password management</li> <li>Spam filters</li> <li>Data loss prevention (DLP)</li> <li>The role of policies within an organization</li> <li>User security awareness and training tools</li> </ul> </li> <li>College graduate with focus on Computer Science, Cybersecurity, or Information Systems or equivalent experience</li> <li>A valid driver's license and clean driving record</li> <li>Able to do some light lifting</li> </ul> <p>Bonus points for:</p> <ul> <li>Active community participation through conferences, groups, open-source tool authoring, or other activities</li> <li>Information security certifications such as OSCP, CISSP, GSEC, GPEN, CISM, Security+, CEH</li> <li>Advanced experience with at least one scripting language (Perl, Python, PowerShell)</li> <li>A thorough understanding of the CIS CSC top 20, NIST, MITRE ATT&amp;CK, OWASP top 10</li> <li>Working knowledge of compliance requirements including HIPAA, PCI-DSS, GDPR, and CMMC</li> <li>Ability to obtain a security clearance</li> </ul>