
Proficiency with red teaming tests in the performance of penetration testing.
Ability to create custom scripts as needed for penetration testing.
Knowledge of common programming and scripting languages, such as Python, PowerShell, Ruby, Perl, Bash, JavaScript, or VBScript.
Serves as the technical lead on penetration testing efforts.
At least 7 years of hands-on experience in performing external and internal penetration tests using security testing tools, such as BurpSuite, Mimikatz, Cobalt Strike, PowerSploit, Metasploit, Nessus, HP Web Inspect, or other tools.
Maintain industry certifications specific to penetration testing.
Provide consultative client-facing guidance and advice to customers of CGI regarding vulnerability remediation, including recommending workarounds or risk mitigation strategies and approaches.
Proactively seek guidance, clarification, and feedback.
Creating a positive environment by monitoring workloads of the team while meeting client expectations and respecting the work-life quality of team members.
Participating actively in client discussions and meetings, imparting knowledge and training regarding security vulnerabilities.
Participate in management, maintenance and deployment of penetration testing tools and technologies.
Create assessment reports that document vulnerabilities, identify causes, and propose remediation strategies.
Lead our team in the development and testing of customised stealthy penetration testing or adversary simulation engagements using commercially / freely available offensive security tools and utilities built into operating systems in support of red team engagements.
Performing social engineering / phishing activities such as reconnaissance of targets, developing phishing campaigns, web hosting administration, developing malicious phishing payloads, or pivoting through phished systems.
Compromising Active Directory environments and demonstrating business impact by identifying and obtaining access to business critical assets/information.
Exploit vulnerabilities and identify and document risks to networks and systems or applications.
Plan, coordinate, manage and assess network security using automated and manual penetration techniques to identify security vulnerabilities for both internal and external CGI clients.
