Penetration Test Consultant
About 5th Column:
5thColumn is a boutique information security company centered on next generation cyber threat protection and enterprise data security. Founded in early 2012, 5thColumn has combined the best of the best to be a leading provider in the greater Chicago area and the Midwest. We consider ourselves to be true technology partners that take the time to understand your business requirements, creating a sustainable IT infrastructure roadmap for your needs. Our mission is to insure your data is available, resilient, and accurate.
5thColumn services companies of all sizes and verticals with hosted, outsourced, or traditional onsite deployment options. Building on the infrastructure and products already deployed within your environment, our revolutionary, turn-key solution, StackBOSS™ with Threatrospective™ technology turns any traditional network into one cohesive, intelligent sensor. Unified, consolidated, and visualized in colorful dashboards, your point solutions are all anchored together.
Description:
5thColumn is looking to add a Penetration Tester to our team. We're looking for people who like a good challenge and enjoy and thrive in a startup culture. The ideal candidate will have experience with internal and external penetration testing and the associated tools.
Location:
We are a local team based in downtown Chicago. Ideally, any candidate applying would be based in the Chicagoland area. Some travel in the Midwest will be required.
Role and Responsibilities:
The Penetration Testing Consultant will provide customers with excellent service around their project including:
• Configuring and running various automated pen testing tools
• Manually verifying found vulnerabilities are exploitable
• Creating thorough documentation of exploits and findings
• Presenting findings to technical and executive audiences
• Working with the team to develop new services
• Ability to work off-hours as required by our clients
Ideal candidates will have experience in the following security tools and technologies:
• Vulnerability scanning tools like Qualys, Nessus, Nexpose, OpenVAS, etc.
• Exploit frameworks such as Metasploit, Kali, BurpSuite, Nmap, etc.
• Password cracking tools, hardware, and tables
• Wireless exploits and tools
• Common desktop and server operating systems (Linux, Windows, OSX, BSD)
• Common network servers (Exchange, IIS, Apache, Oracle, MySQL, etc)
• Experience with programing languages such as Python, Perl, Ruby
• Project management skills and strong ability to document and articulate findings
• Self-starter with the ability to function independently on projects
Additional Skills that are desired:
• Pen testing certifications (GIAC Penetration Tester (GPEN), GIAC Certified Incident Handler (GCEH), Offensive Security Certified Expert (OSCE), and Offensive Security Certified Professional (OSCP)
• Industry Security certifications (CISSP, Security +, or others)
• Authentication systems (Active Directory, OAuth, SAML)
• Experience working on an incident response team
• Works independently or as a team as required