Job Description
Job Description
NetSPI is the proactive security solution used to discover, prioritize, and remediate security vulnerabilities of the highest importance, so businesses can protect what matters most. NetSPI secures the most trusted brands on Earth through Penetration Testing as a Service (PTaaS), External Attack Surface Management (EASM), Cyber Asset Attack Surface Management (CAASM), and Breach and Attack Simulation (BAS). Leveraging a unique combination of dedicated security experts, intelligent process, and advanced technology, NetSPI brings a proactive approach to cybersecurity with more clarity, speed, and scale than ever after.
NetSPI is on an exciting growth journey as we disrupt and improve the proactive security market. We are looking for individuals with a collaborative, innovative, and customer-first mindset to join our team. Learn more about our award-winning workplace culture and get to know our A-Team at www.netspi.com/careers.
We are seeking an experienced professional with demonstrated technical depth and breadth in Cloud Penetration Testing as well as the soft skills to effectively communicate with executive and technical teams. In this role, you'll have the ability to work alongside a world-class team using top-tier custom tools. Applicants are expected to leverage strong problem-solving skills, as well as lead, collaborate, and innovate to deliver high-quality exercises and exceptional experiences for our customers.
Responsibilities:
- Execute cloud penetration tests against AWS/Azure environments.
- Develop innovative TTPs in support of Cloud testing.
- Create attack narratives and findings-based penetration test reports for clients.
- Collaborate with clients to create remediation strategies that will help improve their security posture.
- Act as a resource for internal team members as it relates to in-depth technical questions or best practices in Cloud.
- Assist in QA review of Cloud engagements.
- Help define and document internal processes and TTPs.
- Contribute to the information security community through the development of tools, presentations, white papers, and blogs.
Minimum Qualifications:
- Bachelor's degree or higher with a concentration in computer science, engineering, math, IT, or equivalent experience.
- 3 - 5 years’ experience performing offensive/attack-oriented penetration tests against AWS/Azure environments and External/Internal networks.
- Recognized Penetration Testing specific qualifications such as GXPN, OSCP, OSCE, or similar certifications.
- Strong communication, presentation, and writing skills.
- Experience performing security focused cloud configuration reviews.
- Experience with offensive toolkits for both cloud and network penetration testing.
- Demonstrable knowledge in the following areas:
- Exploiting security misconfigurations for core cloud services such as Compute, Storage, Databases, Networking, Kubernetes, and other PAAS services.
- IAM security fundamentals and how to leverage excessive permissions for lateral movement and privilege escalation within the cloud.
- Includes Azure RBAC and Entra ID RBAC for Azure.
- Testing external cloud attack surfaces.
- Testing internal cloud attack surfaces.
Preferred Qualifications:
- Programming experience in one or more of the following languages: Python, PowerShell, C#, Go.
- Experience researching new cloud service offerings with the goal of identifying misconfigurations and vulnerabilities.
We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law.