Security Engineer – Penetration Testing


ISC2

201 - 500 employees

Founded 1989

Cybersecurity • Education • SaaS

ISC2 is a leading organization dedicated to advancing cybersecurity education and certification. They provide various programs for individuals at different stages of their cybersecurity careers, including certification exams, training resources, and leadership development opportunities. ISC2 also advocates for members and promotes diversity within the cybersecurity field by empowering professionals and communities.

📋 Description

• Plan, execute, and document internal and external penetration tests against ISC2 applications, networks, cloud environments, and infrastructure.
• Perform vulnerability assessments and validate findings to distinguish genuine risks from false positives.
• Conduct web application, API, mobile, and network vulnerability assessments using industry-standard methodologies (OWASP, PTES, OSSTMM).
• Perform social engineering assessments, including phishing simulations and physical security testing as authorized.
• Produce clear, actionable written reports detailing findings, risk ratings, evidence, and remediation recommendations tailored to both technical and executive audiences.
• Support red team exercises and adversary simulation activities to test detection and response capabilities.
• Own remediation follow-through: translate pen test findings into security engineering work items, validate fixes, and track resolution to closure in Jira Service Management.
• Design and implement security controls across ISC2’s cloud and on-premises environments, including hardening configurations for Azure, Okta, SentinelOne, CheckPoint, and F5 XD.
• Maintain awareness of emerging vulnerabilities, exploits, and threat actor TTPs; operationalize threat intelligence into actionable hardening and detection improvements.

🎯 Requirements

• Proficiency with penetration testing tools including Burp Suite, Metasploit, Nmap, Nessus, Cobalt Strike, and similar offensive frameworks.
• Strong understanding of web application vulnerabilities (OWASP Top 10), network protocols, Active Directory attack paths, and cloud security (Azure, AWS, GCP).
• Effective written and verbal communication with cross-functional teams is essential.
• Scripting and automation proficiency in Python, Bash, or PowerShell; ability to write or modify exploit code as well as defensive tooling.
• Familiarity with MITRE ATT&CK, CVSS, CVE, NIST SP 800-115, and the CIS Benchmarks for secure configuration baselines.
• Possess AI literacy and the ability to test AI workloads and infrastructures.
• Relevant certifications strongly preferred: OSCP, GPEN or GWAPT, plus one engineering/architecture credential (CISSP, CSSLP, or equivalent).
• ISC2 membership or certifications (CISSP, CC) are a plus and demonstrate alignment with ISC2’s mission.

🏖️ Benefits

• Health insurance
• Paid time off
• Professional development opportunities
