Job Title: Senior Penetration Tester
Pay Type: SALARIED EXEMPT
Location: Hybrid, Washington, DC
US Citizenship: Required
Summary of Position Role/Responsibilities
Quzara LLC, an SBA Certified WOSB, EDWOSB, and 8(a) cybersecurity firm, specializes in compliance advisory, cloud security, and managed security operations. Driven by innovation and dedication, our mission is to secure our clients' digital landscapes. Our services include Federal Security & Compliance, Vulnerability Management, Continuous Monitoring, Advanced Security Analytics, and Cloud Security, among others. Join our team and contribute to a culture of excellence and continuous improvement in the cybersecurity domain.
Essential Functions of the Job
- Plan, create, and execute advanced penetration methods, scripts, and tests for the team, with a focus on Web Applications
- Assess and test the security of internal networks and underlying application infrastructure.
- Conduct penetration testing and vulnerability assessments on Azure cloud infrastructure and applications
- Lead and mentor a team of penetration testers, providing guidance and sharing expertise
- Carry out remote and on-site testing of client networks and infrastructure to expose security weaknesses
- Simulate security breaches to assess a system's relative security
- Create detailed reports and recommendations based on findings, including uncovered security issues and associated risk levels
- Present findings, risk assessments, and conclusions to management and other relevant parties
- Maintain advanced knowledge of networking, cryptography, reverse engineering, web applications, operating systems, and databases
- Possess expertise in various scripting and programming languages, including Python, SQL, C/C++, JavaScript, PHP, Java, and Ruby
- Provide strong written and oral communication skills to effectively convey assessment results and potential weaknesses
- Assist in penetration testing intake and coordination with client teams for scheduling and delivery of reports/debriefs.
Marginal Functions of the Job
- Other duties as assigned
Normal Work Schedule
This is a full-time position. Standard business hours are Monday through Friday 8:00 AM to 5:3 PM. If your role falls within our Security Operations Center, you will be assigned a specific shift. As a result, your working schedule may require flexibility to cover any shift that falls within a 24/7 cycle; it may also change and rotate, including nights, weekends, and holidays.
Education, Training, and Experience
- Bachelor's degree in cyber security, computer science, IT or a related field and at least 10 years of experience in cybersecurity. Additional years of relevant experience may be considered in lieu of a Bachelor's degree.
- 7 years minimum of work experience directly related to Red Team assessments, and penetration testing (intranet, internet, web, wireless, social engineering), with a focus on Web Application testing
- Must have an active OSCP+ certification in addition to one of the following:
  - CompTIA PenTest+
  - CEH
  - CompTIA CySA+
  - GCIH
  - GCFA
  - CISSP
- Expertise with scripting languages (e.g., Python, PowerShell, Java, Perl, etc.)
- A fundamental understanding of and experience with business/application logic vulnerabilities.
- Expertise with API-focused penetration testing.
- Proficiency with penetration testing tools (Kali Linux, Binwalk, BurpSuite, Wireshark, etc.)
- Experience acting as a Subject Matter Expert or team lead, providing guidance to others
- Proven track record of reviewing cybersecurity vulnerabilities for risk and relevance
- Experience in planning mitigations for systems vulnerabilities
- Exceptional communication skills; able to successfully communicate with management personnel, technical personnel, and third parties.
Nice To Have:
- Certification focused on Web Application penetration testing.
  - e.g., eWPT, BSCP, etc.
- Relevant security research.
  - Accredited CVEs, research papers or contributions to the cyber security sphere.
EEO Statement
The Company is an Equal Employment Opportunity (EEO) employer and does not discriminate based on race, color, religion, sex, sexual orientation, national origin, age, marital status, disability, veteran's status, or any other basis protected by applicable discrimination laws.
