* Bachelor’s degree in Computer Science, Management Information Systems, or work-related discipline/field from an accredited college or university. Equivalent field experience considered.
* 4+ years of experience preferred, with direct experience as a vulnerability engineer, technical auditor or penetration tester.
* Hands-on security experience pen testing web applications and network services to proactively discover flaws and track them to resolution.
* Experience using multiple languages (HTML, SQL, C++, Perl, Python, PHP or other) to manually exploit or confirm vulnerabilities and eliminate false positives from results.
* Must have the ability to understand and use the output of vulnerability scanners like Nessus and Rapid7 Nexpose as the basis for targeted web application penetration testing, and to use tools like Metasploit to verify that vulnerabilities actually exist and are exploitable.
* Must have the ability to understand, modify and use Proof of Concept (PoC) exploitation code created by others in C++ and C# as well as scripting languages like Python to perform extensive manual binary and scripting application and web penetration testing.
* Must have the ability to create Proof of Concept (PoC) exploitation code independently and explain the results to developers who can close vulnerabilities in our products.
* Deep understanding of OWASP Top 10 and CWE 25, with a proven track record and experience in implementing and integrating remediation strategies.
* Excellent understanding of web applications, web servers, frameworks and protocols with respect to application development and deployment.
* Thorough understanding of network defense technologies, TCP/IP networking, Active Directory, DHCP, DNS, network security monitoring tools, secure engineering principles and technical security testing.
* Extensive Windows, Mac, Linux and UNIX experience including deep knowledge of associated vulnerabilities, hardening techniques and strategies.
* Ability to translate technical detail into succinct, fact-based business terminology, both verbally and in writing.
* Customer-focused mindset, with demonstrated skill in managing expectations, providing proactive status updates, and producing high-quality work product.
* Ability to use independent judgment to make sound, justifiable decisions and take action to solve problems.
* Strong leadership skills with demonstrated ability to prioritize and execute in a methodical and disciplined manner.
* Ability to plan, organize and prioritize work independently and meet deadlines.
* Ability to work in a collaborative, team environment.
* GIAC Certified Penetration Tester and/or GIAC Certified Ethical Hacker certifications.