Senior Penetration Tester

Consider joining a leading provider of Tech-enabled cybersecurity solutions!

Top Candidates will be considered for Remote work if desired

Securin Inc. has been a leader in the cybersecurity services industry. We have continuously improved the security posture of our customers against evolving and emerging cyber threats through our services in vulnerability management, penetration testing, cloud security and a wide range of cybersecurity products.

Headquartered in Albuquerque, Securin has grown to a staff of 250 technology professionals located throughout the US and India. We deliver solutions effectively by combining human intelligence and automation while providing its customers with full coverage, extensive support, and guided remediation, helping them improve their security posture.

At Securin we live by a people-first approach and we firmly believe that our employees should enjoy what they do. We provide a hybrid work environment with a competitive best in industry pay, providing an inclusive environment to learn, thrive, and grow. For the right candidate, this will feel like your second home!

Please note that a relocation package will be available to successful hires.

To learn more about us, please visit our website: https://securin.io

Job Purpose

Our risk management, security management, exposure management, and compliance services have helped organizations across diverse industries around the globe to secure their business from ever-evolving threats. We are looking for information technology professionals who want to focus on security as a career path and help us keep our clients safe from cyber attacks.  

Duties and Responsibilities:

• Conduct comprehensive penetration testing and vulnerability assessments on computer systems, networks, and applications.
• Identify and exploit security vulnerabilities through manual testing techniques, automated tools, and other means.
• Perform in-depth analysis of test results, documenting and communicating findings to technical and non-technical stakeholders.
• Develop and execute detailed test plans and methodologies for conducting penetration tests.
• Collaborate with cross-functional teams, including developers, system administrators, and network engineers, to implement remediation strategies and mitigate identified vulnerabilities.
• Manage project timelines, deadlines, and expectations – including client interactions
• Stay updated on the latest security threats, attack vectors, and penetration testing techniques, and continuously enhance knowledge and skills in the field of information security.
• Assist in the development and improvement of security policies, procedures, and guidelines.
• Mentor and provide guidance to junior members of the penetration testing team.
• Participate in red teaming exercises and simulate real-world attack scenarios to assess the overall security posture of the organization. Having proficient knowledge in MITRE ATT&CK framework.
• Maintain accurate and detailed documentation of testing activities, findings, and recommendations.
• Prepare reports documenting identified issues based on internal templates.
• Interact with clients to deliver results, provide feedback, and remediation recommendations on findings.
• Research emerging security topics and new attack vectors
• Perform and review the hardening of the systems and network devices.
• Manage project timelines, deadlines, and expectations – including client interactions

Qualifications:

• Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent work experience).
• At least 5 years of experience in penetration testing and vulnerability assessments, with a focus on web applications, networks, and infrastructure.
• Must be proficient in python development. Proficiency in other scripting languages such as perl, ruby, etc. is an added advantage.
• In-depth knowledge of various penetration testing tools and frameworks (e.g., Kali Linux, Metasploit, Burp Suite, Nmap, Wireshark, etc.).
• Strong understanding of common vulnerabilities and attack vectors (e.g., SQL injection, cross-site scripting, buffer overflows, etc.) and corresponding mitigation techniques.
• Ability to correlate different threats like Ransomware, APT groups, Malware, Exploit Kits, etc.
• Familiarity with industry standards and frameworks such as OWASP, OSSTMM, and NIST.
• Experience with cloud platforms (e.g., AWS, Azure, Google Cloud) and related security controls.
• Excellent analytical and problem-solving skills, with the ability to think creatively and strategically to find vulnerabilities.
• Effective communication and presentation skills to convey complex technical concepts to both technical and non-technical stakeholders.
• Relevant certifications such as Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or GIAC Penetration Tester (GPEN) are strongly preferred.
• Development knowledge of common programming languages like java, asp .net, PHP, etc. would be an added advantage.
• Excellent oral and written communication skills.    

Preferred qualifications:

• GIAC, OSCP, CEH, CompTIA Pentest+, or any equivalent security certifications would be an added advantage.
• Experience with security tools like Acunetix, Netsparker, Burp Suite, SQL Map, Nessus, Qualys, Nexpose, Nmap, Metasploit, etc

Working conditions

Work is generally conducted indoors on carpeted floors, typically during regular business hours, Monday through Friday, unless emergent IT crises occur during weekend or evening hours.