Lead Penetration Tester
Who We Are
Looking for more than just a job? We like developing our people just as much as we like developing great products and services.
Ivanti is a global leader in IT (Information Technology) systems and security management, service management, asset management, and mobility management and security solutions - helping organizations reduce risks and costs associated with managing their IT environment.
Ivanti is experiencing significant growth worldwide. The company has received numerous awards for being a Top Place to Work, as well as many accolades for the products it develops. Our customer focus strategy is driven by the company's core values, including innovation, accountability, teamwork, and trust. It is an exciting time to join Ivanti.
If you are passionate about what you do, are a champion of customer satisfaction and success, and interested in developing solutions that make a difference and in having fun while doing it, Ivanti is the place for you!
What We Do
- Empower users to connect seamlessly and securely from any place in the world that offers air, water and... Internet!
- Equip organizations with the right tools to configure access, manage and enforce compliance with a holistic view on network, users, and usage.
- Empower organizations to continue to breathe easy, now with an added sense of invincibility.
- Work hard so that you can focus on the things you want to!
What We Are Looking For
A Lead Penetration Tester with a background in Application Testing and Exploitation.
You can talk about Cross-Site Scripting (XSS), exploit a SQL injection, discuss SSL certificates, and write a Report. You are a Self-Starter, able to lead, communicate and manage assigned projects throughout the Testing Lifecycle. This is a Remote Position.
What You Will Be Doing
- Perform Application and/or Solution Security Testing on Ivanti's Internal Product and Infrastructure.
- Create Proof of Concept documentation for vulnerability reports.
- Support Engineering teams by providing guidance and best practices for application security development and architecture.
- Perform Static Code reviews to identify potential security vulnerabilities within Ivanti's Product and Infrastructure.
- Assist with Validation and Verification of Third-Party Product Incidents from Responsible Disclosures and Customer Vulnerability Reports.
- Create an effective Penetration Report for each Product Tested based on Vulnerability Risk Findings, then collaborate with Engineering for Remediation and Retesting.
- Participate in Product Security Incident Response Team (PSIRT) investigations, as required.
Who You Are
- A person who is passionate about IT Security and genuine about creating a secure product with modern, agile facing practices.
- Innate curiosity and ability to learn. Individuals should be confident in picking up innovative technologies and pivoting when the role requires.
- Critical thinking and troubleshooting are paramount. Practical creative solutions to difficult problems are key. Analytical, Proactive, Collaborative and Adaptable.
- Experience with the following would be preferred but not required:
  - Cloud - experience testing in AWS/Azure environments
  - Linux Kernel - experience in the nuances of Linux Kernel testing
  - Containers - experience with testing and secure deployments in Kubernetes
You Are an Ideal Candidate if You Have
- Multiple years' experience as an Application Penetration Tester.
- Demonstrated understanding of common vulnerability classes ranging from Cross-Site Scripting to memory corruption.
- Understanding of how various endpoint and perimeter-based security products work.
- Knowledge of:
  - Frameworks such as OWASP (Open Web Application Security Project), MITRE ATT&CK, and SANS.
  - Linux, Windows, Android, iOS, macOS
  - Container technologies with Azure Kubernetes Services - preferred
  - Open-Source Software and Package Management
  - OSI Layers - including TCP/IP Networking (packet captures)
- Testing Tools experience:
  - BurpSuite, Kali Linux, Metasploit, Wireshark
  - IDA Pro, Ghidra, OllyDbg, MS Attack Surface Analyzer, Sysinternals
- Ability to educate others on common vulnerability classes, including SQL/Command Injection, XSS, CSRF (Cross Site Request Forgery), SSRF (Server-Side Request Forgery), and Binary exploitation.
- Certifications preferred: OSCP, OSCE, PEN/WEB-300, GIAC (e.g. GPEN, GWAPT or GXPN) or equivalent.
Ivanti provides a supportive environment for motivated individuals looking to grow their careers and realize high earnings potential. Join a challenging, technology focused environment, earn a competitive salary and benefits package, receive the training you need to stay ahead of the curve, and work in a casual, smart, and fast-paced organization.
The Penetration Testing Team are a group of highly talented and experienced specialists that continue to learn and make each other better. The International team are all supportive and play a key role in the success of Ivanti Product Security.
External Recruiting Agencies/Vendors
Ivanti does not currently engage with external recruiting agencies and will not accept unsolicited resumes from any external agency. Unsolicited resumes submitted by agencies to Ivanti will become the property of Ivanti, and those candidates may be contacted and engaged with directly. Ivanti maintains a preferred vendor list and only engages with these agencies from time to time. Ivanti has not agreed to pay placement or any other fee to companies who have not been specifically retained to conduct a candidate search.
Individuals seeking employment at Ivanti are considered without regard to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation. You are being given the opportunity to provide the following information in order to help us comply with federal and state Equal Employment Opportunity/Affirmative Action record keeping, reporting, and other legal requirements.