There is no typical day for our Pen Test team. Our clients rely on us to find and exploit a myriad of vulnerabilities across their on premise and cloud-based networks and applications. The benefit of being exposed to so many different situations is that you are constantly building your knowledge base and skillset while keeping up with the latest technologies. Our team is remote yet extremely collaborative and works together to utilize their different backgrounds and experience to solve these problems.
- Complying with Schellman’s code of ethics and professional conduct, methodologies, policies, and procedures
- Adhering to the professional and regulatory standards relevant to assigned service line specialization(s)
- Promoting Schellman’s company culture and exemplifying Schellman's values
- Establishing high quality relationships and rapport with client personnel
- Managing client expectations to ensure expectations are exceeded
- Completing assigned duties in a timely manner and with a high attention to detail
- Collaborating with fellow project team members in a productive and timely manner throughout the life cycle of each project
- Adhering to project schedules and keeping fellow project team members apprised of the progress of assigned tasks
- Escalating issues internally in a proper and timely manner
- Using discretion and decorum in the timing, form, and content of all client communications
- Booking travel reservations in a timely manner and in accordance with Schellman's travel and expense policies and procedures
- Performing the essential functions of other service delivery positions when qualified and called upon to do so
- Attending project kick-off and closing meetings
- Executing assigned testing procedures, performing detailed analysis, reaching conclusions, documenting results in accordance with company standards, and suggesting ideas for improvements, where applicable
- Drafting project deliverables
- Serving as a contact for clients' basic questions regarding an engagement
- Participating in recruiting and candidate interview activities
- Training project team members
- Acclimating newer team members to Schellman
- Contributing to Schellman's practice development efforts
- Developing an expert knowledge of professional and regulatory standards relevant to assigned service line specialization(s)
- Contributing to Schellman's thought leadership (e.g., articles, webinars, public speaking, etc.)
- Working knowledge of Schellman’s services, methodology, and relevant professional standards
- Requisite knowledge of applicable technology and security domains
- High level of attention to detail and quality of work product
- Client service oriented
- Excellent time management, organizational, and verbal and written communication skills
- Ability to work on-site or remotely as a valuable contributor to a collaborative team
- Capable of simultaneously managing assigned tasks for multiple projects
- Proficient using Microsoft Word, Excel, and PowerPoint, as well as Schellman’s service delivery applications
- Full understanding and application of ethics, independence and Schellman’s values
- Bachelor's degree in technology, computer science or other relevant subject area, or equivalent years of experience directly related to the duties and responsibilities specified
- 3+ years’ experience in hands on penetration testing
- 1+ year experience in web application penetration testing
- Ability to work well independently, within a team and with clients
- Completion of one or more of the following certifications:
- Offensive Security Certified Professional (OSCP) (Required)
- Certified Red Team Operator (CRTO) (Preferred)
- Burp Suite Certified Practitioner (Preferred)
- Demonstrated enthusiasm for Information Security (e.g. GitHub repo, blogs, presentations, conference talks, local security association member, participated in free skill-building / hacking challenges – SANS Holiday Hack, HackerOne CTF, HackTheBox, etc.)
- Competency in common operating systems (e.g. Windows, macOS, Linux)
- An understanding of cloud computing models, technologies, and concepts
- Proficiency with at least two scripting languages (e.g. Python, Bash, JavaScript, PowerShell)
- Knowledge of PCI and FedRAMP programs
- A passion for identifying and exploiting vulnerabilities
- Demonstrated entrepreneurial abilities, client focus, industry savvy, and the ability to work independently or as part of a collaborative team
- Self-driven in a remote working environment, motivation to continuously improve your skillset
Schellman is an equal opportunity employer (EOE) and strongly supports diversity in the workplace; therefore, providing equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, national origin, protected veteran status, disability status, or any other legally protected basis, including arrest and conviction records, in accordance with applicable law. Schellman uses E-Verify in our hiring process.
At Schellman, we strive to provide a flexible and balanced environment and therefore offer the opportunity to work remotely, unless otherwise stated in the job requirements. Connecting, collaborating and continuous education are also highly valued and therefore we require approximately 20% travel annually for our Operations roles, which can include in-person training, team meet-ups, and strategy meetings. Service Delivery team members will also be required to travel based on business and client needs.