Job Description
Job Summary
The Penetration Tester will be responsible for providing a demonstrated impact on an organization's enterprise network through the practical exploitation of known and discovered network, system, and application vulnerabilities. They will then be responsible for the careful and detailed documentation of findings and outcomes from their testing for reporting and presentation purposes. This role is responsible for providing results to audiences at all levels of an organization, requiring effective communication of results, both orally and in written format. They will be required to provide both observed and confirmed issues that may result in the potential compromise of a client’s data confidentiality, integrity, and availability. This role must develop and communicate a carefully researched corrective action plan to remediate findings. The Penetration Tester must have knowledge of industry-standard security testing tools and techniques and the ability to deploy and utilize these tools, minimizing the impact on client operational capability and adherence to Fortified Penetration Testing standard operating procedures.
Essential Job Functions
The following duties are normal for this position. The omission of specific statements of duties does not exclude them from being expected of this position if the work is similar, related, or a logical assignment for this position. Other duties may be required.
· Service coordination, delivery, and execution of internal, external, wireless, and application penetration tests.
· Delivery of findings (formal report, notes, presentation, and appendices) to the client within the allotted schedule for each penetration test project.
· Reporting of performance metrics for each project to team lead or department management.
· Maintain awareness of various network, system, and application threats, vulnerabilities, and exploits.
· Maintain currency of existing and pursuit of relevant industry or professional certifications.
· Knowledge and familiarity with penetration testing tools, i.e., Metasploit, NMAP, BURP Suite, NESSUS, etc.
· Possess an understanding of various penetration testing and hacking methodologies such as OWASP, PTES, PTF, NIST SP800-115, MITRE ATT&CK, and the application thereof.
· Maintain working knowledge of networking technologies and network functionality.
· Following company operating procedures and rules of engagement, detect, identify, and exploit vulnerabilities across various operating systems, applications, and hardware.
· Work effectively in a small team environment with the ability to communicate effectively and efficiently.
· Communicate effectively with the client base to outline appropriate penetration testing project scope.
· Accurately enters and submits time by required deadlines.
· Routinely check and respond to communications from Fortified personnel, including participation in mandatory company training and team and departmental meetings.
· Books travel in adherence to the company/client travel policy.
· Maintains documentation regarding customer interactions and detailed notes of actions taken during an assigned project.
· Familiarity with Fortified Core Services and make appropriate client recommendations based on those offerings.
Knowledge & Skills
Education & Experience
· Associate degree in Computer Science, Management Information Systems, or other relevant combination of training and experience.
· 2+ years of proven work experience in an IT Security-related field.
· Healthcare IT experience a plus.
· Strong computer skills in Adobe and Microsoft Office applications (Project, Visio, Word, Excel, PowerPoint).
· Solid understanding of hardware and networking terminology and devices.
Special Skills & Knowledge
· Experience with network security, topology, networking technologies and an understanding of the OSI Model.
· Thorough understanding of the latest security principles, techniques, and protocols.
· Familiarity with generating and troubleshooting PowerShell/bash/python scripts.
· Ability to work and communicate effectively, positively, and professionally with clients, third-party system vendors, and other departments.
· Must possess a level of professionalism and diplomacy that will serve to build and maintain relationships throughout the project and beyond.
· Excellent interpersonal skills that include the ability to communicate verbally and in writing effectively.
· Resourcefulness and ability to take the initiative in developing and completing work projects.
· Must possess and have proven problem-resolution / critical thinking skills.
· Must be flexible and work with a high level of initiative.
· Ability to retain and protect confidential material.
Licenses, Certifications, etc.
· Relevant security certifications (i.e., CISSP, SSCP, OSCP, CEH, GSEC, etc.)
· Other desired technology certifications (i.e., RHCA, MCSE, CCNA, etc.)
Requirements
Supervisory Responsibility
· N/A
Working Conditions & Travel Requirements
· Evenings and weekend hours should be anticipated.
· Travel as needed.
Fortified Health Security is an Equal Opportunity Employer. In compliance with the Americans with Disabilities Act, Fortified Health Security will provide reasonable accommodations to qualified individuals with disabilities. If a reasonable accommodation is needed to perform this position, you need to inform Fortified Health Security People and Culture Team of such request. Signatures below indicate the receipt and review of this job description by the associate assigned to the position and the People and Culture Team.
