Penetration Tester/Fort Lauderdale FL Hybrid W2 Only

Hi

We are looking for Penetration Tester/Fort Lauderdale FL Hybrid W2 Only. Anyone interested can share your resume at

Title: Penetration Tester/Fort Lauderdale FL Hybrid W2 Only Location: Fort Lauderdale FL Contract W2 Only
ok with lighter pen testing if strong scripting/coding and security tooling experience is deep (Python, Go, Bash, C++/C, Rust), we can train on the pentesting, The tooling development and strength in areas like containerization/CI-CD are key for the success of this role.

The Role:
The Senior Infrastructure Penetration Tester/Researcher plays a vital role in Citi's Vulnerability Assessments (VA) team and is responsible for providing VA services to all Citi businesses and technology teams globally. The position will be identifying weaknesses and vulnerabilities within the Citi infrastructure and is part of a larger, global team that collectively provide VA support to all of Citi's business groups. Commercial and open source Vulnerability Assessment tools and utilities are leveraged during these assessments.
Responsibilities
Provide Vulnerability Assessment/Penetration Testing services to Citi businesses globally through a comprehensive testing process
Participate in special projects ranging from tooling and methodology development, advanced penetration testing as well as architecture reviews with sister teams to shift-left
Serve as an SME for Infrastructure Penetration Testing in with emerging tooling sets(Containerization, AI, CI/CD etc)
Participate in the enhancement of testing processes and methodologies
Participate in building custom tooling aligned with strategic initiatives
Validation of the overall security of critical infrastructure components and applications to ensure they comply with internal policies, security architecture best practices, and industry standards
Scan systems and applications, leverage initial results to build a subsequent attack methodology and execute effectively
Report Information Security vulnerabilities to businesses in an actionable manner

Qualifications
3-5 years' of relevant experience required in Offensive Security with a history of gradually expanding experience including network and overall infrastructure pentesting
Strong scripting/coding and security tooling experience(Python, Go, Bash, C++/C, Rust) ( willing to discuss if knowledge here is deep and pentesting is light ) @Roy, Rabin [TECH-FS] FYI
Reverse Engineering / Exploit Development
Strong hands-on experience with Vulnerability Assessment/Enumeration tools, e.g., Tenable Nessus, Qualys VM, OSS enumeration tools
Demonstrate hands on experience with penetration testing tools i.e. Kali suite, open-source tooling, Living Off The Land(OS), LOLBINS etc
Deep understanding of TCP/IP, Infrastructure stacks(i.e. 3 tier, segmented environments)
Demonstrable experience working effectively in Enterprise environments
Understanding of defensive security principles with an ability to demonstrate offensive opportunities
OS and Network Security Experience, e.g. Unix, Linux, Windows, Cisco, etc.
Understanding of common protocols, e.g. DNS, SMTP, SNMP, LDAP, Routing Protocols
Threat Mapping experience is a plus
Scripting (Bash, Python, etc.)
Design experience/understanding on infrastructure/systems (enterprise a big plus)
Exceptional interpersonal skills and a proven track record of working effectively with globally diverse teams
Ability to understand new and emerging technologies rapidly to keep up with an ever changing threat landscape
Ability to effectively document and explain exploits/vulnerabilities to technical and non-technical audiences including to senior leadership
Demonstrable proficiency in producing comprehensive penetration testing reports with actionable recommendations
Education
Bachelor's Degree or equivalent work experience
OSCP, OSCE, GXPN, CREST preferred or similar demonstrable experience
This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required