Senior Penetration Tester

Job Title: Senior Penetration Tester

Pay Type: SALARIED EXEMPT

Report To: Federal Security and Compliance Manager

Company Overview:

Quzara LLC, a SBA Certified WOSB, EDWOSB, and 8(a) cybersecurity firm, specializes in compliance advisory, cloud security, and managed security operations. Driven by innovation and dedication, our mission is to secure our clients' digital landscapes. Our services include Federal Security & Compliance, Vulnerability Management, Continuous Monitoring, Advanced Security Analytics, and Cloud Security, among others. Join our team and contribute to a culture of excellence and continuous improvement in the cybersecurity domain.

Summary of Position Role/Responsibilities

Quzara is looking for a highly experienced and skilled Senior Penetration Tester with specific expertise in Microsoft 365 and Azure Security. The ideal candidate must be able to perform advanced security testing on wired and wireless networks, web-based applications, and computer systems using penetration testing tools, as well as lead and mentor a team of Penetration Testers. They should have extensive experience with the latest methods and tools for ethical hacking and have a track record of performing penetration tests. Additional responsibilities include performing security audits, analyzing security policies and procedures, and writing comprehensive security assessment reports.

Essential Functions of the Job

• Plan, create, and execute advanced penetration methods, scripts, and tests for the team, with a focus on Microsoft 365 and Azure Security
• Assess and test the security of Microsoft 365 environments, including Exchange Online, SharePoint Online, and Teams
• Conduct penetration testing and vulnerability assessments on Azure cloud infrastructure and applications
• Lead and mentor a team of Penetration Testers, providing guidance and sharing expertise
• Carry out remote and on-site testing of client networks and infrastructure to expose security weaknesses
• Simulate security breaches to assess a system's relative security
• Create detailed reports and recommendations based on findings, including uncovered security issues and associated risk levels
• Present findings, risk assessments, and conclusions to management and other relevant parties
• Maintain advanced knowledge of networking, cryptography, reverse engineering, web applications, operating systems, databases, and wireless technologies
• Possess expertise in various scripting and programming languages, including Python, SQL, C/C++, JavaScript, PHP, Java, and Ruby
• Provide strong written and oral communication skills to effectively convey assessment results and potential weaknesses

Marginal Functions of the Job

• Other duties as assigned

Normal Work Schedule

This is a full-timeREMOTEposition. Standard business hours are Monday through Friday 8:30 AM to 5:30 PM (eastern time zone). Additional time outside of these hours may be needed to complete the essential functions of the job.

Education, Training, and Experience

• Bachelor's degree and at least 10 years of experience in cybersecurity. Additional years of relevant experience may be considered in lieu of a Bachelor's degree.
• 7 years minimum of work experience directly related to Red Team assessments, and penetration testing (intranet, internet, web, wireless, social engineering), with a focus on Microsoft 365 and Azure Security
• Expertise with scripting languages (e.g., Python, PowerShell, Java, Perl, etc)
• Proficiency with penetration testing tools (Kali Linux, Binwalk, Burp, etc)
• Experience acting as a Subject Matter Expert or team lead, providing guidance to others
• Proven track record of reviewing cybersecurity vulnerabilities for risk and relevance
• Experience in planning mitigations for systems vulnerabilities/li>
• Exceptional communication skills; able to successfully communicate with management personnel, technical personnel, and third parties

Specific Requirements and Other Required Licenses, Certifications

• One or more of the following certifications: OSCP, OSWP, GPEN, GWAPT, OSCE, OSEE, GXPN, MS-500 (Microsoft 365 Security Administration), AZ-500 (Azure Security Technologies)
• US Citizenship is required for this position.
• Required for this role is the ability to obtain a federal security clearance.

EEO Statement

We are committed to creating a diverse environment and are proud to be an e Equal Employment Opportunity (EEO) employer. All qualified applicants will receive consideration for employment without discrimination based on race, color, religion, sex, sexual orientation, national origin, age, marital status, disability, veteran's status, or any other basis protected by applicable discrimination laws.