Accume Partners

Penetration Tester

US-TX-Houston
ID: 2017-1042
# of Openings: 1
Posted Date: 4 months ago
Category: Professional Services

Overview

Accume Partners has a long history of providing internal audit, regulatory compliance and risk management services primarily to banks and financial services organizations, as well as other industries. As the level of regulatory and business complexity has surged, so has the need for specialized knowledge and focus. We have organized our firm to achieve that goal, providing our clients with deep knowledge, expertise and approaches in Regulatory Compliance, Internal Audit, Technology Risk Management, Cyber Security, and Operations and Process Improvement.

 

This position will work independently and as part of a team to perform security assessments, including vulnerability assessments, penetration tests, web application testing, wireless security assessments, social engineering, ISO27000 assessments, Payment Card Industry (PCI) assessments, and Federal Financial Institutions Examination Council (FFIEC) assessments.

Responsibilities

  • Assessing clients’ network security posture through the use of automated tools and manual techniques to identify and verify common security vulnerabilities
  • Use creative approaches to identify vulnerabilities that are commonly missed in security assessments
  • Perform application and network penetration tests for our clients
  • Use commercial scanning tools such as Metasploit, BurpSuite, Nessus, and other commercial products to analyze systems for vulnerabilities, and provide risk reduction recommendations
  • Performing manual verification of vulnerabilities to reduce false positives
  • Understanding of common regulatory or standards-based control frameworks such as PCI-DSS, ISO 27001/2, NIST 800-53, etc.
  • Creating comprehensive security assessment reports
  • Interfacing with clients to gather information and investigate security controls
  • Staying up to date on cyber security trends and maintaining industry credentials/certifications

Qualifications

 

  • Basic experience in web application architecture analysis to identify logical flaws and security weaknesses
  • Basic understanding of encryption methods and how they are applied in an application environment
  • Working knowledge of application security tools such as proxies, fuzzers, scanners, debuggers, simulators, etc.
  • Familiarity with common web platforms, e.g. Tomcat, .NET, AJAX, HTML5, etc.
  • Familiarity with back-end databases like MS SQL, Oracle, MySQL, etc.
  • Experience in scripting languages like Python, Perl, JavaScript, regular expressions, Shell and PowerShell scripting, etc.
  • Understanding of common web content management systems like WordPress, Joomla, DotNetNuke etc.
  • Experience with various security tools like Metasploit, Nmap, Qualys, mimikatz, Nessus, NeXpose, Kali Linux, BurpSuite, OWASP ZAP, Wireshark, Tcpdump, etc. to analyze systems for vulnerabilities, and provide risk reduction recommendations.
  • Working knowledge of Windows & Linux, TCP/IP, and Web services
  • Perform manual verification of vulnerabilities to reduce false positives
  • Understand common regulatory or standards-based control frameworks such as PCI-DSS, ISO 27001/2, NIST 800-53, etc.
  • Able to create comprehensive security assessment reports
  • Interface with clients to gather information and investigate security weakness and controls

 

Required Qualifications

  • Bachelor's degree in Computer Science, Computer Engineering, Cyber-Security, Information Security or a related field or equivalent experience
  • 4 years of experience conducting application and network penetration testing
  • Excellent interpersonal skills to interact in team environment and foster client relationships.
  • Strong analytical and problem-solving skills.
  • Advanced verbal and written communication skills including documentation of findings and recommendations.

 

Preferred Qualifications

  • GIAC GPEN, Offensive Security Certified Professional (OSCP), CISA, CISSP or Offensive Security Certified Expert (OSCE) preferred
  • Implementation of vulnerability management programs is a plus
  • Prior consulting or professional services background preferred
  • Prior experience within Banking/FI industry preferred 
  • Knowledgeable regarding Sarbanes-Oxley Act, Payment Card Industry (PCI), and SOC
  • Must possess a high degree of integrity and confidentiality, as well as the ability to adhere to both company policies and best practices
  • Strong multitasking and project management skills
  • Passion for creating tools and automation to make common tasks more efficient 
