Apply on Employer Site

Schellman · 9 hours ago

Senior Penetration Tester

Tampa, FL

Full-time

Hybrid

Mid, Senior Level

3+ years exp

Schellman is a Top 50 CPA firm and a leading provider of attestation and compliance services, specializing in cybersecurity assessments. The Senior Penetration Tester will be responsible for hands-on project execution, managing client expectations, and collaborating with team members to identify and exploit vulnerabilities across various networks and applications.

Assisted LivingConsultingInformation Technology

Growth Opportunities

Responsibilities

Complying with Schellman’s code of ethics and professional conduct, methodologies, policies, and procedures

Adhering to the professional and regulatory standards relevant to assigned service line specialization(s)

Promoting Schellman’s company culture and exemplifying Schellman's values

Establishing high quality relationships and rapport with client personnel

Managing client expectations to ensure expectations are exceeded

Completing assigned duties in a timely manner and with a high attention to detail

Collaborating with fellow project team members in a productive and timely manner throughout the life cycle of each project

Adhering to project schedules and keeping fellow project team members apprised of the progress of assigned tasks

Escalating issues internally in a proper and timely manner

Using discretion and decorum in the timing, form, and content of all client communications

Booking travel reservations in a timely manner and in accordance with Schellman's travel and expense policies and procedures

Performing the essential functions of other service delivery positions when qualified and called upon to do so

Attending project kick-off and closing meetings

Executing assigned testing procedures, performing detailed analysis, reaching conclusions, documenting results in accordance with company standards, and suggesting ideas for improvements, where applicable

Drafting project deliverables

Serving as a contact for clients' basic questions regarding an engagement

Participating in recruiting and candidate interview activities

Training project team members

Acclimating newer team members to Schellman

Contributing to Schellman's practice development efforts

Developing an expert knowledge of professional and regulatory standards relevant to assigned service line specialization(s)

Contributing to Schellman's thought leadership (e.g., articles, webinars, public speaking, etc.)

Qualification

Penetration TestingOSCP CertificationWeb Application TestingCloud Computing KnowledgeScripting LanguagesClient Service OrientationTime ManagementTeam CollaborationAttention to DetailCommunication Skills

Required

At least 2 years of security experience

Hands-on security certifications (e.g. OSCP)

Bachelor's degree in technology, computer science or other relevant subject area, or equivalent years of experience directly related to the duties and responsibilities specified

3+ years' experience in hands on penetration testing

1+ year experience in web application penetration testing

Ability to work well independently, within a team and with clients

Completion of Offensive Security Certified Professional (OSCP)

Competency in common operating systems (e.g. Windows, macOS, Linux)

An understanding of cloud computing models, technologies, and concepts

Proficiency with at least two scripting languages (e.g. Python, Bash, JavaScript, PowerShell)

Working knowledge of Schellman's services, methodology, and relevant professional standards

Requisite knowledge of applicable technology and security domains

High level of attention to detail and quality of work product

Client service oriented

Excellent time management, organizational, and verbal and written communication skills

Ability to work on-site or remotely as a valuable contributor to a collaborative team

Capable of simultaneously managing assigned tasks for multiple projects

Full understanding and application of ethics, independence and Schellman's values

Preferred

Certified Red Team Operator (CRTO)

Burp Suite Certified Practitioner

Demonstrated enthusiasm for Information Security (e.g. GitHub repo, blogs, presentations, conference talks, local security association member, participated in free skill-building / hacking challenges – SANS Holiday Hack, HackerOne CTF, HackTheBox, etc.)

Knowledge of PCI and FedRAMP programs

A passion for identifying and exploiting vulnerabilities

Demonstrated entrepreneurial abilities, client focus, industry savvy, and the ability to work independently or as part of a collaborative team

Self-driven in a remote working environment, motivation to continuously improve your skillset