Penetration Tester

Welcome to Aerstone, a place where you get to share your skills and experience with a team of high performing security professionals and in turn, improve on your own capabilities. Working together in a collaborative environment helps our business grow, but more importantly, it will help you grow. At Aerstone, we foster greatness, we champion accountability, and we value kindness.

As a Penetration Tester, you will join our growing testing team and have the opportunity to support, and lead, technical testing and assessment activities including vulnerability scanning, configuration reviews, web application scanning, database scanning, observation or over the shoulder technical control interview sessions, cloud security benchmark scanning, and infrastructure as code (IaC) security analysis. You will have the chance to evaluate test results against compliance standards and conduct risk analyses of findings in order to generate detailed assessment reports to help our customers gain security assurance and secure their systems.

We at Aerstone are highly committed to creating a collaborative work environment where everyone contributes and gains from our collective experiences. It is our belief that creating a culture based on synergy and the coordinated optimization of individual strengths results in mutual benefit and growth.

If this is you, we welcome your interest to join us!

Responsibilities:

• Support and lead testing of web applications and APIs for susceptibility to SQL injections, Cross-Site Scripting, and other input attacks
• Support and lead technical evaluation of cloud-based applications and systems, assessing secure configurations and settings of PaaS, SaaS, and IaaS environments. This may include use of automated cloud assessment tools or industry best practices.
• Support and lead technical assessments of network infrastructure, servers, endpoints, and databases.
• Perform pre-assessment research and preparation including reconnaissance, documentation and configuration review, and customer interviews.
• Conduct automated credentialed vulnerability scanning against databases using commercial and open-source scanning tools.
• Assess compliance posture against regulatory requirements mainly including NIST SP 800-53, and may include OWASP ASVS, and ISO 27001.
• Conduct reviews of system configurations for identification of security weaknesses or misconfigurations.
• Research known vulnerabilities and manually validatescannerfinding.
• Document security weaknesses, including steps to reproduce.
• Analyze security findings, including risk analysis and root cause analysis.
• Research and propose practical remediation.

Years of Experience Required: 5+ years

Education Requirements:Bachelors Degree

Required Skills/Qualifications/Certifications:

• Strong knowledge and experience with Linux based operating systems and Linux based testing tools
• Experienced with common penetration testing tools and frameworks (Kali Linux, Metasploit, Burp Suite / ZAP, Nessus, etc.)
• Experienced with virtual machine platforms and remote testing solutions
• Experienced with cloud computing infrastructures and cloud assessment techniques and tools
• Experienced with NIST SP 800-53 controls and testing against these requirements
• Experienced with testing methodologies such as NIST SP 800-115, OSSTMM, or the OWASP Testing Guide.
• Reliable team player
• Independent / capable of working effectively and efficiently with minimal supervision
• Strong time management skills
• Highly organized and detail oriented
• Understanding of Internet (HTTP, FTP, etc.) and network (SMB, TCP/IP, etc.) protocols
• Working knowledge with both Windows and Unix operating systems
• Technologist mentality (follows, learns, and applies technology trends through self-initiation)
• Persistent and undeterred work ethic
  
  

PreferredSkills/Qualifications/Certifications:

• Able to properly install, configure, and run common open-source testing tools
• Experience with web languages including JavaScript, PHP, Java, Swift, and .NET
• Familiarity with Microsoft SQL Server and Oracle database concepts
• Familiarity with application DevOps concepts, tools, and technologies
• Scripting experience (Python, Bash, Ruby, PowerShell, Command Shell, etc.)
• Experience developing MetaSploit modules, Nessus plugins, and exploit automation
• Relevant certifications a plus (OSCP, OSCE,CISSP, GPEN, C|EH, Security+, Network+, etc.)

Clearance:

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements.

Compensation:

At Aerstone, we value your time and wellbeing. Our benefit offerings include healthcare, retirement plan, flexible leave program, and training and certification assistance. See a little bit more about those benefits below:

• Health Care:

Aerstone pays for 100% of the costs of Carefirst medical and pharmacy up to each employees Annual Deductible.

We also offer excellent dental and vision plans through Concordia Dental and Superior Vision. Aerstone pays the premiums for employees. Aerstone also provides $50,000 in life insurance to each employee and pays the premiums for a long-term disability insurance policy.

• Retirement Plan:

Aerstone offers a 401(k) plan through Fidelity Investments with 10% profit sharing.

• Flexible Leave Program:
  

Aerstone has a flexible leave policy, which means that everyone is on their honor to put in an honest days work for an honest days pay. You take the time you need, when you need it.

• Training and Certification Assistance:

Aerstone recognizes that technical training is an important part of professional development, and extremely valuable to the company.

We have always been committed to budgeting funds for yearly employee training and encourage all employees to develop their own training plan.

Possible training includes keeping current on industry or technology changes and enhancements, learning new software tools and concepts, attending industry events, earning CPE credits as required to maintain existing certifications, and achieving new certifications

EEOC:

Equal Employment Opportunity has been, and will continue to be, a fundamental principle at Aerstone, where employment is based upon personal capabilities and qualifications without discrimination because of race, color, religion, sex, age, national origin, familial status, disability, veteran status, sexual orientation, health/genetic information, or any other protected characteristic as established by law.

In compliance with federal EEOC regulations, the selected employee will work on a cleared contract and therefore be required to hold U.S. citizenship.