Lead Associate Principal, Penetration & Vulnerability Testing

The Lead Associate Principal, Penetration & Vulnerability Testing role will work collaboratively with the Security Penetration Testers to develop continuous testing automation tools and increase OCC's security posture. The ideal candidate will have Full Stack Developer experience with a strong enthusiasm for Security.

Requirements

• 6+ years of experience in building high speed, data-centric solutions
• 6+ years experience in Full Stack Development using Java, C#, Go, Rust, Python, or at least one proficient language
• Experience following Git workflows
• Working knowledge of DevOps tools such as Terraform, Ansible, Jenkins, Kubernetes, Harness, Helm and CI/CD pipeline etc
• Familiarity with monitoring related tools and frameworks like Splunk, ElasticSearch, Prometheus, AppDynamics
• Exceptional analytical, problem solving and troubleshooting skills with the ability to exercise good judgment while developing creative solutions
• Exceptional listening and verbal/written communication skills to be able to articulate ideas clearly and concisely
• Enthusiasm for constantly learning new Penetration Testing techniques across multiple areas: Network/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Penetration Testing, Open Source Intelligence, and more
• Proven due diligence and research ability via open-source avenues and technology
• Strong familiarity with enterprise technologies; strong technical background and understanding of security-related technologies; prefer operational experience as an administrator, engineer, or developer and direct experience testing in commercial cloud environments (AWS, Azure, IaaS/PaaS/SaaS)
• Good applicable knowledge of policy and procedure development, systems analysis, Information Assurance (IA) policy, vulnerability management, and risk management
• Good understanding of regulatory standards including CSF, NIST, PCI, SSAE 16, SAS 70, HIPPA, FIPS 199, COBIT 5 and others as needed.
• Strong knowledge in cryptography (symmetric, asymmetric, hashing) and its various applications
• Strong knowledge of common enterprise infrastructure technology stacks and network configurations
• Exhibit ability to understand and probe/exploit a diverse range of Network and Internet Protocols
• Ability to facilitate meetings and conversations
• Ability to work with business users, understand their needs and translate those needs to the final project deliverables
• Experience with high speed distributed computing frameworks like FLINK, Apache Spark, Kafka Streams, etc
• Experience with distributed message brokers Kafka, RabbitMQ, ActiveMQ, Amazon Kinesis, etc. Kafka
• Experience with cloud technologies and migrations. Experience preferred with AWS foundational services like VPCs, Security groups, EC2, RDS, S3 ACLs, KMS, AWS CLI and IAM etc
• Experience developing and delivering technical solutions using public cloud service providers like Amazon, Google Cloud Computing, Digital Ocean, etc
• Experience working with various types of databases like Relational (MySQL, PostgreSQL, etc), Non-relational (NoSQL), Object-based, Graph
• Exposure working with various AI LLM Models
• Experience with common penetration testing tools (Kali, Cobalt Strike, Nighthawk, Nmap, Qualys, Nessus, Burp Suite, Wireshark, Recon-NG, Ettercap/Bettercap, Hashcat, Bloodhound, Ida Pro, Ghidra, Sublist3r, Rubeus, Mimikatz, CrackMapExec, Exploitdb, Yersinia, Impacket, etc.)
• Track record of vulnerability research and CVE assignments
• Knowledge of Windows APIs and Living off the Land (LOL) Binaries
• Experience with Mainframes, Windows, Unix, MacOS, Cisco, platforms and controls
• Proficient in creating content with Microsoft Office (Word, Excel, PowerPoint, Visio)
• Proficient in basic document management in a Microsoft SharePoint environment
• Experience with dedicated document management tools (e.g., DMS, PolicyTech) is a plus
• Experience with using ServiceNow and Jira is a plus
• Programmer Certifications for at least one proficient programming language (Java, C#, Go, Rust, Python, etc) is required
• AWS-related certifications (AWS Certified Solutions Architect, AWS Red Team Expert ARTE, etc.) is highly desired
• Security-related certifications (OSCP, OSWE, OSCE, GPEN, GXPN, GWAPT, etc.) is highly desired
• BS in Computer Science, Information Management, Information Security or other comparable technical degree
• 6+ years experience in Full Stack Development using Java, C#, Go, Rust, Python, or at least one proficient language is required
• 3+ years’ experience in Penetration testing or Information Security environment is highly desired

Benefits

• A highly collaborative and supportive environment developed to encourage work-life balance and employee wellness
• A hybrid work environment, up to 2 days per week of remote work
• Tuition Reimbursement to support your continued education
• Student Loan Repayment Assistance
• Technology Stipend allowing you to use the device of your choice to connect to our network while working remotely
• Generous PTO and Parental leave
• 401k Employer Match
• Competitive health benefits including medical, dental and vision