Penetration Tester (Security Specialist, Technical)


Cybersecurity Service Manager



Start Date:


Travel Requirements: Up to 50%

Position Description

The Security Specialist, Cybersecurity Technical is a member of the Technical Cybersecurity unit and consults with clients on web and mobile application security, as well as network and system vulnerabilities. The Security Specialist will be responsible for conducting penetration testing of external, internal, wireless networks and web/mobile applications, as well as performing social engineering assessments. The Security Specialist, Cybersecurity Technical position is a critical team member and is essential to the delivery of security services at GreyCastle Security.

Technical Cybersecurity Team

This position will be joining the Technical Cybersecurity Team. Of the three core components of cybersecurity (people, process and technology), the Technical Cybersecurity Team focuses primarily on technology, while also supporting the other units. The Technical unit is comprised of Penetration Testing, Vulnerability Assessment and Incident Response.

Position Responsibilities

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

  • Perform external, internal, and wireless network penetration tests
  • Perform web and mobile application penetration tests
  • Perform physical and social engineering penetration tests
  • Produce detailed findings and recommendations, and deliver those findings to senior management, board members and key stakeholders
  • Initiate and participate in process improvement
  • Support Technical Services team leaders as they assess and consult with clients in delivery of technical services, including Penetration Testing, Vulnerability Assessment and Incident Response
  • Contribute to project management, communications and other activities required for successful service delivery
  • Maintain proficiency in and awareness of security services, industry trends, tactics, techniques and procedures
  • Maintain proficiency with security tools, where applicable
  • Act as a cybersecurity resource for GreyCastle Security clients
  • Support senior members in all aspects of security and risk management
  • Perform other duties as assigned

Corporate Responsibility

Information security is everyone’s responsibility. GreyCastle Security employees are responsible for:

  • Understanding and following GreyCastle Security’s information security policies and procedures
  • Remaining vigilant and reporting any suspicious activity or possible weaknesses in GreyCastle Security’s information security
  • Actively participating in GreyCastle Security’s efforts to maintain and improve information security
  • Other job duties and responsibilities as assigned

Supervisory Responsibility

This position has no supervisory responsibilities.

Work Environment

This job operates in a professional office environment. This role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets and fax machines.

Physical Demands

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.

While performing the duties of this job, the employee is regularly required to talk or hear. The employee frequently is required to stand; walk; use hands to finger, handle or feel; and reach with hands and arms.

This position requires the ability to occasionally lift office products and supplies, up to 20 pounds.

Position Type/Expected Hours of Work

This is a full-time position. Days and hours of work are Monday through Friday, 8:00 a.m. to 5:00 p.m.

Required Skills and Qualifications

Technical Skills and Experience

  • 1-2 years of experience conducting network penetration testing
  • 6-12 months of experience conducting web/mobile application testing
  • Strong understanding of system architecture and design, operating systems, network infrastructure, device configuration hardening, and patch and configuration management
  • Experience with programming or scripting languages such as Python, PowerShell, Bash, Ruby, Java, XML, SOAP, JSON, AJAX, etc.
  • Experience with penetration testing frameworks and tools, such as Kali Linux, The Penetration Testers Framework, Metasploit, Canvas, Cobalt Strike, Burp Suite Pro, Nexpose, Nessus, Wireshark, Nmap, etc.
  • Familiarity with security testing standards such as OWASP, NIST SP 800-115, and PCI penetration testing requirements
  • Experience with Web application, Mobile application and API technologies
  • Knowledge of emerging security technologies, software, and methodologies
  • Familiarity with a broad range of computing platforms and network protocols
  • Proficiency with Windows, Linux and other operating systems
  • Proficiency with Microsoft Office, including PowerPoint

Job Skills

  • Outstanding communication skills, both written and verbal
  • Outstanding organizational skills; attention to detail is a must
  • Outstanding decision-making ability
  • Uncompromising ethics
  • Energetic and positive attitude
  • Willingness and ability to work in a controlled, confidential environment
  • Willingness and ability to work in a team-oriented, fast-paced environment
  • Willingness and ability to work relentlessly towards goals and deadlines

Desired Skills and Qualifications

  • Social Engineering and Testing
  • Physical Security Testing

Required Education and Experience

At least one (1) of the following industry-recognized certifications, in good standing:

  • Offensive Security Certified Professional (OSCP) Certification
  • Offensive Security Certified Expert (OSCE) Certification
  • GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) Certification
  • GIAC Penetration Tester (GPEN) Certification
  • GIAC Web Application Penetration Tester (GWAPT) Certification

Other Duties

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.

Equal Opportunity Employer

GreyCastle Security is an equal opportunity employer, and considers qualified applicants for employment without regard to race, color, creed, religion, national origin, sex, sexual orientation, gender identity and expression, age, disability, or protected veteran status, or any other protected factors or classes.

GreyCastle Security is a Drug Free Workplace. All employment offers are contingent on passing a background screening and drug screen test.