PENETRATION TESTER (Remote)

Emagine IT is seeking an immediate hire for a Penetration Tester to join our remote Commercial Services Team.

This role involves conducting Penetration Tests, Threat Hunting exercises, and other advanced Continuous Monitoring Activities within cloud environments. Success requires a strong understanding of security controls and testing methods to evaluate their effectiveness. You will collaborate with an experienced Sr. Consultant Project Lead, handling technical sections and delivering client-ready reports.

Responsibilities include:

1. Executing testing procedures per NIST SP 800-53A Revision 4.
2. Testing for vulnerabilities across network, cloud, web, and mobile environments.
3. Performing Social Engineering campaigns, including email phishing, spear phishing, and pre-text calling, with creation of landing pages and embedded payloads.
4. Developing Rules of Engagement, Penetration Test Plans, reports, and presentations for client engagements.
5. Recommending security improvements based on findings, aligned with NIST controls.
6. Focusing 75% of time on Penetration Testing/Threat Hunting and 25% on Advisory/Consulting.
7. Using tools such as Kali Linux, Social Engineering Toolkit, Burp Suite, Nessus, Metasploit Framework, and understanding the MITRE ATT&CK Framework, coding (Python, Ruby), and SQL testing.

Travel expectations: Less than 25%.

Minimum qualifications:

• Bachelor's degree or equivalent experience.
• At least 3 years in IT with familiarity in NIST SP 800 series, PCI-DSS, SOX, HIPAA.
• Strong communication skills for technical and non-technical audiences.
• Experience with NIST frameworks, ability to lead small assessments, and artifact collection.
• Certifications such as CISA, CISM, CRISC, CGEIT, CCSP, CISSP, CAP, and a Penetration Testing Certification (OCSP, GIAC-GPEN, LPT).
• Capability to perform