Senior Penetration Testing Consultant at Blue Yonder – Dallas

Role: Senior Penetration Testing Consultant

Location: Dallas TX – Hybrid role, office presence required

BlueYonder is looking for a Senior Penetration Testing Consultant who will be responsible for leading and executing penetration testing activities against our private and public network, etc. If required, this candidate will also perform penetration testing for the customer environments. This member will play a key role in the development of our Red Team. This role will be a senior role and someone with strong experience is preferred.

The candidate would work with leading PenTest vendors to create SOWs and perform penetration testing activities as needed. The candidate would also create a robust internal penetration testing program to determine the organization’s security posture and provide meaningful feedback to stakeholders.

Responsibilities

• Create and maintain a robust penetration testing program for the organization, a key role within the security organization
• Perform all penetration activities for the BlueYonder infrastructure
• Coordinate customer requests for penetration testing
• Focus on all phases of penetration testing including information gathering, scanning, execution, post-exploitation, custom/meaningful reporting, remediation activities
• From several thousand assets, identify those that require priority assessment
• Ability to expand to a Red team with a focus on validating the security controls and security tools in place
• This candidate would ultimately create awareness of the degree of compromise one could make with the current security posture, so that asset owners can truly understand the security posture of their products and their network.
• Creates processes for the penetration testing program, taking into account all phases of the program
• Use the results of vulnerability scans from all scanners
• Leverage Threat Intelligence to Raise the Bar for the PenTesting Program
• Assess threats, vulnerabilities and risks on cloud platforms such as Azure, AWS, etc.
• Be responsible not only for identifying outcomes, but also for providing solid feedback to stakeholders and reducing risk exposure.
• Able to validate the security measures within the organization, such as intrusion prevention and detection systems, etc.
• An expert in post-exploitation to actually determine the extent of the compromise, after identifying vulnerabilities
• Describe the root cause and implications for asset owners
• Demonstrate the risk using an oral and video demonstration in lay language, if necessary
• Reduce open vulnerabilities by providing remediation guidance and feedback when needed
• Document and track all hacking activities for management and auditors
• Represent the team to internal and external auditors as required
• Review the reports for each assessment before sending them to asset owners or to customers
• Participate in the incident response team and provide support as needed.
• Generate metrics for management as needed.
• Create system security reports by collecting, analyzing, and summarizing data and trends
• Any other security related duties assigned by management.

Qualifications

• 7-8 years of demonstrable experience in penetration testing or Red Teaming; a Master’s degree can be substituted for 2 years of experience.
• Extensive expertise in vulnerability and threat management, penetration testing, and the collection and condensation of threat intelligence into actionable and meaningful communication materials.
• Bachelor’s degree in Information Security or Information Technology or Computer Science or related fields
• Extensive and diverse experience in designing and implementing network security designs.
• Expert in network security, system security and endpoint security.
• Education and experience in public cloud infrastructure such as Microsoft, Google, AWS or IBM.
• Demonstrated experience with products related to vulnerability management services including Retina, Qualys, Tenable, Nexpose, Kali Linux, Metasploit, Core Impact, Immunity Canvas, Burp Suite, Cobalt Strike, Blood Hound, etc.
• Excellent customer service, including strong written and verbal communication skills.
• Demonstrated knowledge of information security concepts, standards and practices, including firewalls, intrusion prevention and detection, TCP/IP and related protocols, device monitoring and log management, and event monitoring/reporting.
• Certifications such as OSCP, OSCE, CEH, CISSP or equivalent.
• Results-oriented and an eye for detail.
• Ability to work across shifts, enabling you to collaborate with the global team.

#LI-SR1

—————————————-

The salary range for this position is $105,261.54 to $132,738.45

The salary range information provided reflects the expected base salary range for this position based on current national data. Minimums and maximums may vary based on location. Individual salary will be commensurate with skills, experience, certifications or licenses, and other relevant factors. Additionally, this position is eligible for participation in the annual performance bonus or commission program, determined by the nature of the position.

At Blue Yonder, we care about the well-being of our employees and those who matter most to them. This is reflected in our robust benefits package and options, including:

• Comprehensive medical, dental and visual care

• 401K with matching

• Flexible free time

• Corporate fitness program

• Wellbeing days

• A variety of voluntary benefits such as: legal plans, accident and hospital reimbursement, pet insurance and much more

At Blue Yonder, we are committed to creating a truly inclusive and connected workplace where everyone can share their unique voices and talents in a safe space. We remain guided by our core values ​​and are proud of our diverse culture as an equal opportunity employer. We understand that your career journey may look different than others, and we embrace the professional, personal, educational and volunteer opportunities that help people gain experience.

Our values

If you want to know the heart of a company, look at its values. Ours unite us. They are the driving force behind our success – and the success of our customers. Does your heart beat like ours? Find out here: Core Values

Diversity, Inclusion, Value & Equality (DIVE) is our strategy to create an inclusive environment that we can be proud of. Check out Blue Yonder’s first Diversity Report, which outlines our commitment to change, and our video celebrating the differences in all of us in the words of some of our employees from around the world.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.