100% Remote Eligible
Position Description
Sigma Technology’s Security reduces cyber risk by uncovering vulnerabilities and weaknesses in the enterprise cyber environment through coordinated ethical hacking and penetration testing scenarios. This position works closely with team members to plan, coordinate, execute and report on sophisticated ethical hacking exercises, to identify cyber vulnerabilities and reduce the risk posture of enterprise systems. This role will be primarily responsible for performing application and network security assessments and will make recommendations to clients on effective countermeasures.
The successful candidate for this position will be part of an exciting and dynamic environment to build and deliver industry leading ethical hacking capabilities to continuously protect and defend systems and data. Sigma Technology’s Penetration testing, Adversary Simulation line of services provide cutting edge solutions to our enterprise customers.
Primary responsibilities for this position include:
- Perform penetration testing of APIs, web applications, networks, and cloud services, as well as related applications and infrastructure.
- Assess customer’s development practices and help drive corporate security standards.
- Help triage and test application responsible disclosure findings and newly disclosed vulnerabilities.
- Work with developers to improve the Software Development Lifecycle (SDLC) for applications.
Basic Qualifications:
- High School Diploma, GED or equivalent certification
- At least 5 years of Penetration Testing experience
- At least 5 years of experience working in cybersecurity or information technology
- At least 1 year of experience with public cloud environments (AWS, Azure, GCP)
- Must have hands on experience with Kali Linux, MetaSploit, NMAP, BURP Suite, Wireshark, Nessus, OWASP ZAP, John the Ripper, Mimikatz, Hydra and other commercially available tools.
Preferred Qualifications:
- Bachelor’s Degree in computer science, information technology, information systems, or equivalent.
- 4+ years of security testing experience (red teaming, cloud security, application security, or network security)
- Inspiration to learn threat modeling concepts and frameworks (CVSS, MITRE ATT&CK, DREAD, or STRIDE)
- Penetration testing experience with IoT devices, mobile applications, or code review.
- One or more of the following certifications: CEH, CISSP, CPT, GPEN, CPTE, OSCP or other industry recognized certification.
Compensation and Benefits:
- Competitive Base Salary and Bonus structure
- 401(k) Plan and Profit Participation for eligible members
- Generous holidays, vacation, and sick leave plans
- Comprehensive insurance plans that include, among other benefits, medical, dental, vision, life, disability