IBM Security - Penetration Tester 142625BR Job Description A person with deep technical expertise in the processes, procedures, tools and methodology for assessing IT Security risk. The role requires an individual who can independently visualize the network topology from information provided, prepare tests, conduct hacker simulations and demonstrate the likelihood of data compromise via 'proof of concept exploitation' of a given vulnerability. Further to the tests, to be able to clearly describe the problem, the concerns and provide recommendations to fix. As a Proactive Security & Prevention Pentest Team member, you will be performing various types of infrastructure or application level security assessments including: vulnerability scanning, ethical hacking and penetration testing. Upon completion of testing activities, you will need to write an assessment report which contains the findings, the assigned risk level, the proposed mitigation and all technical details which is necessary to reproduce the test results. Occasionally youll need to present the assessment findings to the senior management and you will need to work with the system owners to mitigate vulnerabilities. As a team member you will occasionally need to participate in the development of team processes and tools. To keep your personal and your teams skills up to date you will be required to continuously learn and share information with your team mates. Country/Region United States State / Province ILLINOIS City / Township / Village SCHAUMBURG IBM Business Group Security Primary job category Technical Specialist Role ( Job Role ) Security Specialist Employment Type Full-Time Contract type Regular New Collar Role No Required Technical and Professional Expertise * Possess relevant certifications i.e. OSCE, OSCP, GPEN, GWAPT, eCPPT, eWPT, etc or is able to demonstrate the equivalent skillset through previous employers, a professionally edited blog, active participation in the cybersecurity community, CTF participation and write-ups, or any combination of meaningful contributions * Familiar with OWASP top 10 vulnerabilities and be comfortable using them to compromise web applications in a way malicious hacker would * Familiar with common network services and their uses and be comfortable exploiting them * Know the differences between common operating systems such as Windows, Linux, BSD, Unix, and be comfortable with compromising data on such systems, pivoting, and other hacker techniques * Should be familiar with the following penetration testing tools: burpsuite, AppScan, postman, owasp zap, fiddler, paros proxy , sql map, dir buster, SQL Ninja, w3af, beEF, John the riper, oclhashcat, metasploit, nmap, Armitage, masscan, hping, Cain & Abel Preferred Technical and Professional Experience * 3 to 4 years hands on experience w/o college degree * 2 to 3 years hands on experience with a bachelor's degree * 1 to 2 years hands on experience with a masters degree * Specifically seeking a hybrid candidate who is comfortable in both infrastructure testing and web application testing, competence with other modes of pentesting is a plus * Possess relevant certifications, i.e. OSCE, OSCP, GPEN, GWAPT, eCPPT, eWPT, etc * Familiarity with scripting in UNIX shell, PERL, or Python a plus * Familiarity with XML, SOAP, and Ajax Eligibility Requirements * None Required Education Bachelor's Degree Preferred Education Master's Degree Position Type Professional Travel Required Up to 10% or 1 day a week Is this role a commissionable/sales incentive based position? No