Title: Lead Penetration Tester
Location: United States (Remote)
COMPANY PROFILE
Insight Assurance is a security and compliance firm trusted by over 700 organizations for their SOC 2, PCI DSS, ISO 27001, and HIPAA audit needs. Insight Assurance is a licensed CPA firm, PCI Qualified Security Assessor (QSA), and ISO 27001 Certification Body founded by former Big-4 professionals (formerly of EY) looking to simplify the world of IT compliance.
JOB PURPOSE
The Lead Penetration Tester is responsible for overseeing and conducting advanced penetration testing and security assessments to identify vulnerabilities in the organization's systems, networks, and applications. This role involves leading a team of penetration testers, developing testing methodologies, and ensuring the security of enterprise-wide information systems.
DUTIES AND RESPONSIBILITIES
- Plan, design, and execute penetration tests on applications, networks, and systems
- Lead and supervise a team of penetration testers, providing guidance and support
- Identify and exploit vulnerabilities in software, hardware, and network systems
- Develop comprehensive and accurate reports and presentations for various stakeholders
- Collaborate with IT and cybersecurity teams to enhance security protocols and implement remediation strategies
- Stay current with the latest testing tools, methodologies, and cyber threats
- Conduct security assessments and risk analyses
- Develop and maintain security testing plans, policies, and procedures
- Provide training and support to other team members on security best practices
- Spearhead social engineering initiatives and simulate real-world attack scenarios
- Ensure compliance with regulatory requirements and security standards (e.g., PCI DSS, HIPAA)
EDUCATION
- Bachelor's degree in cybersecurity, computer science, information technology, or a related field
- Proven experience as a penetration tester or similar cybersecurity role, with at least 5 years of experience
- Proficiency with penetration testing tools (e.g., Metasploit, Burp Suite, OWASP ZAP)
- Strong understanding of network protocols, cryptography, and security vulnerabilities
- Familiarity with programming/scripting languages (e.g., Python, Bash)
- Excellent report-writing and communication skills for documenting findings and advising on security improvements
- Relevant certifications (e.g., OSCP, CEH)
- Ability to manage and balance time among multiple tasks and lead junior staff when required
- Strong analytical thinking and problem-solving skills
- Ability to travel up to 25%
SKILLS
- Advanced cybersecurity certifications (e.g., OSCE, OSWE, SANS)
- Experience with cloud environments and configurations (AWS, Azure, GCP)
- A record of published research or contributions to the security community
- Deep knowledge of at least one programming language (Python, Go, Java, PowerShell, etc.)
- Advanced knowledge of Linux and/or Windows OS and experience in supporting and installing multiple software products
- Ability to successfully interface with clients (internal and external)
- Ability to document and explain technical details in a concise, understandable manner
BASIC REQUIREMENTS
- Must have the ability to gain United States Security Clearance (if applicable)
- U.S. citizenship or eligibility to obtain required authorizations from the U.S. Department of State (if applicable)