Senior Penetration Tester

Senior Penetration Tester
 
KirpatrickPrice is seeking a senior penetration tester who enjoys teaching as much as testing. We are a security partner to companies of all sizes, but we particularly enjoy helping organizations that are new to the need for penetration testing. Our clients need security experts who are experienced, patient, and able to communicate well, to help them discover vulnerabilities and teach them how to strengthen their defenses. We love empowering and inspiring our clients to effectively protect their most sensitive data. If that describes you, and you’re well-qualified, we want you on our team.

This particular position requires experience testing web applications. Competitive applicants will possess strong web app testing abilities, hold the GWAPT (or another comparable certification); and demonstrate both the ability and desire to teach and mentor. Ideal candidates will also have experience testing APIs, and desktop applications, with mobile application development and network testing considered a strong plus. Experience with web and/or mobile application development will further differentiate strong candidates.

Desired Applicant Characteristics
 
Character

• Possess an extreme level of integrity. The top 1% of wealth holders in America rate integrity as the #1 factor that explains economic success.
• Apply diligence to the project so that the client benefits the most. Find the vulnerabilities!
• Passionate for teaching clients about applicable vulnerabilities and other cybersecurity concepts. We help clients achieve compliance across a variety of information security frameworks.
• Strong desire to contribute to and learn from an open and collaborative team. Humility and contribution to the team are highly valued.

Experience

• Skillful in analyzing a company’s defenses and designing an effective attack plan.
• Capable of understanding and interpreting a wide range of business environments. Financial, healthcare, tech providers, retail, etc.
• Deep familiarity with the OWASP Top 10, the OWASP Web Security Testing Guide, and other industry standard methodologies.
• Hands-on knowledge of modern web technologies (REST, GraphQL, single-page apps, cloud-hosted apps).
• Familiarity with web development or code review (e.g., reading JavaScript, Python, or .NET) is a plus.
• Ability to understand client needs and present remediation guidance in a manner that conveys that understanding.
• Hold certifications such as GWAPT, BSCP, OSWE, PWPT, GMOB, CISSP, etc. We love this alphabet!

Productivity

• Energetic about working in a small company environment and sharing in and contributing to KirkpatrickPrice’s growth.
• Efficient with the latest penetration tools, techniques, and exploits.
• Loves research to sharpen those skills and get better every day.
• Thrilled to work with colleagues on our pen test team.
• Must detest a daily commute to an office. Virtual office experience is essential. Some days, it’s fun to just stay in superhero pajamas.
• Must reside near our clients…which means…anywhere in America!