Penetration Tester

Job Description

Role Overview

Redkite Network is seeking a skilled Penetration Tester to join our dynamic team. This role is pivotal in assessing and strengthening our clients’ digital defenses by identifying and exploiting vulnerabilities across enterprise networks, systems, and applications. The successful candidate will be responsible for meticulously documenting their findings and presenting comprehensive reports to diverse audiences, from technical teams to executive leadership. A critical aspect of this role involves clearly communicating identified security weaknesses, whether observed or confirmed, that could lead to compromises in data confidentiality, integrity, or availability. Additionally, the Penetration Tester will develop and propose well-researched remediation strategies. This position requires a strong grasp of industry-standard security testing methodologies and tools, with the ability to deploy them effectively while minimizing operational disruption for our clients and adhering to Redkite Network’s established procedures.

Key Responsibilities

The following are primary duties for this position. This list is not exhaustive, and additional tasks may be assigned based on business needs.

  • Plan, execute, and deliver various penetration testing engagements, including internal, external, wireless, and application-focused assessments.
  • Generate detailed deliverables, such as formal reports, technical notes, presentations, and supporting appendices, to be provided to clients within agreed project timelines.
  • Report project performance metrics to relevant team leads or departmental management.
  • Stay current with emerging threats, vulnerabilities, and exploit techniques across networks, systems, and applications.
  • Maintain existing professional security certifications and pursue new relevant industry credentials.
  • Demonstrate proficiency with penetration testing tools, including but not limited to Metasploit, NMAP, BURP Suite, Nessus.
  • Possess a solid understanding of various penetration testing and ethical hacking frameworks, such as OWASP, PTES, PTF, NIST SP800-115, and MITRE ATT&CK, and their practical application.
  • Maintain a working knowledge of network architectures and functionalities.
  • Adhere strictly to company operating procedures and rules of engagement while identifying and exploiting vulnerabilities across different operating systems, software, and hardware.
  • Collaborate effectively within a small team setting, maintaining clear and efficient communication.
  • Liaise with clients to accurately define appropriate penetration testing project scopes.
  • Accurately record and submit work hours by specified deadlines.
  • Actively participate in and respond to communications from Redkite Network personnel, including mandatory company training and scheduled team and departmental meetings.
  • Arrange business travel in compliance with company and client travel policies.
  • Maintain comprehensive documentation of client interactions and detailed records of actions taken during assigned projects.
  • Familiarity with Redkite Network’s core service offerings and the ability to recommend relevant solutions to clients.

Qualifications

Education & Professional Background:

    • Associate’s degree in Computer Science, Information Systems, or a related field, or equivalent practical experience.
    • Minimum of 3 years of professional experience in an IT Security-related role.
    • Experience within the Healthcare IT sector is advantageous.
    • Proficiency in common office productivity suites (e.g., Adobe, Microsoft Office applications like Project, Visio, Word, Excel, PowerPoint).
    • Strong foundational understanding of computer hardware and networking components.

Specialized Skills & Knowledge:

    • Expertise in network security principles, topology, and an understanding of the OSI Model.
    • Comprehensive knowledge of contemporary security standards, methodologies, and protocols.
    • Competency in developing and debugging scripts using PowerShell, Bash, or Python.
    • Demonstrated ability to communicate effectively, positively, and professionally with clients, third-party vendors, and internal teams.
    • Exceptional interpersonal skills, including strong verbal and written communication.
    • Proven resourcefulness and a proactive approach to initiating and completing tasks.
    • Strong problem-solving and critical thinking abilities.
    • High degree of flexibility and self-motivation.
    • Ability to handle and safeguard confidential information with utmost discretion.

Certifications:

    • Relevant industry security certifications (e.g., CISSP, SSCP, OSCP, CEH, GSEC).
    • Other technology certifications (e.g., RHCA, MCSE, CCNA) are a plus.

Reporting Structure:

  • This position does not currently include supervisory responsibilities.

Shift Timing: US Timing