Role: Senior Penetration Testing Consultant
Location: Dallas TX - Hybrid role requiring in-office presence
Synonymous Business Title: Senior Risk Assessor
BlueYonder is seeking a Senior Penetration Testing Consultant who would be responsible for leading and conducting penetration test activities against our private and public network, etc. As needed, this candidate will also conduct Penetration Test for the customer environments. This member will play a key role in evolving our Red Team. This role will be a senior role and someone with strong experience is preferred.
The candidate would work with leading Pen Test vendors to create SOWs and engage penetration testing activities as needed. The candidate would also create a solid internal penetration testing program to determine the security posture of the organization and provide meaningful feedback to the stakeholders.
Responsibilities:
- Create and maintain a solid penetration testing program for the organization, a key role within security organization
- Conduct all the penetration activities for the BlueYonder infrastructure
- Co-ordinate customer requests for penetration testing
- Focus on all the phases of penetration testing including, Information gathering, scanning, execution, post-exploitation, custom/meaningful reporting, remediation activities
- Out of several thousand assets, identify the assets that need prioritization to be assessed
- Potential to expand to a Red team with a focus on validating the security controls and security tools that are in place
- This candidate would ultimately create awareness about the extent of compromise one could make with the current security posture – so that the asset owners can truly understand the security posture of their products and their network
- Creates processes for the penetration testing program considering all the phases of the program
- Leverage vulnerability scan results from all the scanners
- Leverage threat intelligence information to raise the bar on Pen Testing program
- Evaluate threats, vulnerabilities and risk in the cloud platform like Azure, AWS, etc.
- Be responsible for not only identification of results but to provide solid feedback to the stake holders and to reduce the risk exposure
- Capable of validating security controls that are in place with the organization like intrusion prevention systems and intrusion detection systems, etc.
- An expert in post exploitation to truly determine the extent of compromise, upon identifying vulnerabilities
- Describe the root cause and impacts to the asset owners
- Demonstrate the risk through verbal and video demonstration in layman terms as needed
- Reduce the open vulnerabilities by providing remediation guidance and feedback as needed
- Document and track all the hacking activities for Management and auditors
- Represent the team for internal and external auditors as needed
- Review reports for each assessment before it is sent to the asset owners or to the customers
- Participate in and assist with incident response team, as appropriate.
- Generate metrics for the Management as needed.
- Prepare system security reports by collecting, analyzing, and summarizing data and trends
- Any other security related duties assigned by the Management.
Qualifications:
- 7- 8 years of proven experience in Penetration testing or Red Teaming; a Master’s degree can be substituted for 2 years of experience.
- Strong expertise in Vulnerability and Threat Management, Penetration Testing, gathering and condensing threat intelligence into actionable and meaningful communication materials.
- Bachelor’s degree in Information Security, MIS, Computer Science or related fields.
- Deep and diverse experience architecting and implementing network security designs.
- Expert in network security, system security and endpoint security.
- Education and experience in public cloud infrastructure such as Microsoft, Google, AWS, or IBM.
- Proven experience with products dealing with vulnerability management services which include Retina, Qualys, Tenable, Nexpose, Kali Linux, Metasploit, Core Impact, Immunity Canvas, Burp Suite, Cobalt Strike, Blood Hound, etc.
- Excellent customer service including strong written and oral communication skills.
- Demonstrated understanding of information security concepts, standards, practices, including but not limited to firewalls, intrusion prevention and detection, TCP/IP and related protocols, device monitoring and log management and event monitoring/reporting.
- Certifications such as OSCP, OSCE, CEH, CISSP or equivalent.
- Results oriented and attention to details.
- Ability to work in different shifts to partner with the global team.
#LI-MH1
-------------------------------------------
The Salary Range for this position is $105,261.54 to $132,738.45
The salary range information provided, reflects the anticipated base salary range for this position based on current national data. Minimums and maximums may vary based on location. Individual salary will be commensurate with skills, experience, certifications or licenses and other relevant factors. In addition, this role will be eligible to participate in either the annual performance bonus or commission program, determined by the nature of the position.
At Blue Yonder, we care about the wellbeing of our employees and those most important to them. This is reflected in our robust benefits package and options that includes:
Comprehensive Medical, Dental and Vision
401K with Matching
Flexible Time Off
Corporate Fitness Program
A variety of voluntary benefits such as; Legal Plans, Accident and Hospital Indemnity, Pet Insurance and much more
At Blue Yonder, we are committed to a workplace that genuinely fosters inclusion and belonging in which everyone can share their unique voices and talents in a safe space. We continue to be guided by our core values and are proud of our diverse culture as an equal opportunity employer. We understand that your career search may look different than others, and embrace the professional, personal, educational, and volunteer opportunities through which people gain experience.
Our Values
If you want to know the heart of a company, take a look at their values. Ours unite us. They are what drive our success – and the success of our customers. Does your heart beat like ours? Find out here: Core Values
Diversity, Inclusion, Value & Equity (DIVE) is our strategy for fostering an inclusive environment we can be proud of. Check out Blue Yonder's inaugural Diversity Report which outlines our commitment to change, and our video celebrating the differences in all of us in the words of some of our associates from around the world.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.