Legal Staff Other in Miami, FL

Law Firm

Miami, FL

Legal Staff Other in Miami, FL

Legal Staff

No

Job Title: Security Vulnerability and Penetration Testing (VAPT) Engineer

Job Responsibilities:
- Oversee and serve as a technical resource for all assessment activities related to the security posture of existing and proposed systems, platforms, and processes.
- Ensure the confidentiality, integrity, and availability of information systems in line with business objectives, regulatory requirements, and strategic goals.
- Perform security penetration testing on systems, platforms, and applications.
- Act as a Subject Matter Expert (SME) for the VAPT function.
- Serve as the system owner for common VAPT toolsets, platforms, and processes.
- Provide technical assessment reports that are easily understandable by the target audience, including practical and reasonable recommendations based on sound risk management principles.

Education and Experience Information:
- Possess a Bachelor’s degree in Computer Science or have substantially equivalent experience.
- CISSP certification is required.
- GIAC GPEN or GWAPT certification is preferred.
- Offensive Security OSCP certification is required.
- Commanding knowledge of VAPT concepts and best practices, including WhiteHat/ethical hacking requirements.
- Expert understanding of the difference between a vulnerability assessment and a penetration test concerning assessment scope, objectives, and deliverables.
- Extensive experience with common automated VAPT tools such as Nessus, Appscan, Burp Suite, Nipper, and Trustwave.
- Expertise with common attack tools and frameworks such as Wireshark, Kali, Metasploit, etc.
- Expertise with mobile platform security technology, including vulnerability identification and exploitation tools, as well as mobile platform security best practices and frameworks.
- Understanding of VAPT in the context of risk management and organizational priorities.
- Passionate about the practice and pursuit of VAPT excellence.
- Ability to validate the presence of identified vulnerabilities with accuracy.
- Mastery of common application platforms and technologies to effectively understand and evaluate complex application assessments using manual techniques and simple tools such as proxies and browser plugins.
- Authoritative mastery of OWASP, CVE, general security controls, and other foundational topics, including the latest application and operating system exploits.
- Expert knowledge of common scripting and programming languages is advantageous.
- Ongoing commitment to understanding the threat landscape and common adversary motivations/practices.
- Ability to quickly adapt practices to evolving circumstances.
- Able to maintain critical thinking and composure under pressure.
- Strong written and oral communication skills, with the ability to convey complex concepts to non-technical constituents. Proficiency in oral and written English.
- Capable of assisting with the preparation of internal training materials and documentation.
- Able to be productive and maintain focus without direct supervision.

Salary Information:
- This position is bonus-eligible and includes medical, dental, vision, and 401(k) benefits based on the number of hours worked.
- If located in an office in one of the states listed (New York, Illinois, California, or Washington DC), the US base compensation for this position is expected to be in the range of $130,000-$150,000.
- Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training.
- Specific salary range for preferred locations can be discussed with a recruiter during the hiring process.