Senior Penetration Tester

Senior Penetration Tester We are seeking a Senior Penetration Tester to build and execute a comprehensive vulnerability assessment and penetration testing program. The role involves performing regular and ad-hoc penetration tests on cloud environments to ensure security controls are effective and compliant. Expertise in Ruby and Ruby on Rails is required, along with a strong background in cloud security, particularly within AWS environments. A. Technical Skills: Programming Languages: Proficiency in Python, Ruby, Perl, C, and C++. Expertise in scripting with Bash, PowerShell, and JavaScript. Operating Systems: Expert-level understanding of Windows, Linux, and Unix. Network Protocols: Deep knowledge of TCP/IP, UDP, DNS, HTTP/S, FTP, SMTP, and other network protocols. Penetration Testing Tools: Proficiency with Metasploit, Burp Suite, Nmap, Wireshark, Nessus, and OpenVAS. Exploitation Techniques: Expertise in identifying/exploiting vulnerabilities such as SQL injection, XSS, CSRF, and buffer overflows. Knowledge of advanced exploitation techniques and post-exploitation methodologies. Cloud Security: Proficiency in AWS cloud security and tools such as Amazon Cognito, AWS Security Hub, GuardDuty, and Amazon Inspector. Expertise with cloud security tools and penetration testing methodologies specific to cloud environments. B. Web Application Security Skills: Web Application Security: In-depth knowledge of OWASP Top Ten vulnerabilities and web application security testing. Experience in testing web applications and APIs for security weaknesses. C. Experience and Technical Skills: Experience: Five years experience in IT security, including: Designing and implementing security architectures for cloud environments. Proficiency with AWS Cloud Platform and understanding cloud security best practices. Knowledge of security technologies such as firewalls, VPNs, IDS/IPS, WAFs, SIEM, and endpoint security solutions. Experience with encryption tools and technologies like Amazon Cognito, AWS Security Hub, GuardDuty, and Amazon Inspector. Familiarity with Industry Standards and Regulations: Knowledge of NIST, HIPAA, and SOC 2 standards. Experience conducting security assessments and audits. Problem-Solving and Communication: Strong problem-solving skills with the ability to explain complex security concepts to non-technical stakeholders. Effective collaboration with cross-functional teams. Responsibilities: Cloud Security Operations: Deployment and ongoing maintenance of AWS cloud security controls. Identify, deploy, and maintain necessary cloud security controls, ensuring the secure operation of the client’s AWS environment. Manage source-to-image container-based deployment models, image-stream containers, and trigger rebuilds upon base image changes. Oversee automated CI pipeline management and automated security scans during container image builds. Support cloud infrastructure management through infrastructure-as-code (IaC) and top operational models using pull requests. Cloud Orchestration & Networking: Deploy and manage security in multiple container-based cluster orchestration frameworks. Apply business security rules via an automated "operator agent." Ensure zero-downtime scaling, container networking isolation, and TLS-based secure communication across containers. Maintain full dashboard visibility on clusters, with automatic graphing of network communication patterns and dependencies. Manage service mesh networking models and read-write-many distributed storage across clusters. Disaster Recovery and Security Monitoring: Support disaster recovery across different cloud regions with an RTO/RPO of 1 hour. Manage centralized log monitoring, ensuring security log analysis and collaborating with client IT and the Privacy Officer for incident response. Provide detailed monitoring and analysis of logs to identify potential vulnerabilities. Security Audits & Compliance: Conduct regular penetration testing and vulnerability assessments to ensure adherence to industry standards such as NIST, HIPAA, and SOC 2. Collaborate with the development team to resolve identified vulnerabilities and ensure compliance. Job Type: Contract Pay: $50.18 - $71.28 per hour Experience: Python: 3 years (Preferred) Ruby on Rails: 3 years (Required) AWS: 3 years (Required) Ruby: 3 years (Required) Cloud security: 3 years (Required) Work Location: Hybrid remote in Washington, DC