Remote Penetration Tester

At Philadelphia Company, we believe that technology should support and enhance your organization’s success, not constrain it. With our wide range of best-in-class services, we provide customized solutions that fit your unique IT needs. We’re committed to excelling at our job so you can focus on doing yours.

Summary

The ideal candidate will have a security mindset and the ability to think outside the box, contributing to a team of highly motivated and skilled information security practitioners. As a Security Consultant and Penetration Tester the main goal is to balance both security and business imperatives using a risk based approach and to validate security controls by performing penetration tests across the organization. This individual will conduct information security penetration tests as well as provide security consulting and advisory in one or more of the following fields: application, network, platform/OS security, and biomedical devices. Main responsibilities include assessing the security posture of existing environments, identifying risks, recommend remediation plans.
The role requires the ability to successfully pentest an environment and then to strategize and architect security solutions to help remediate deficiencies. Pentests can be initiated by the Technology Risk Office or our clients within the various portfolios such as Health Plan, Care Delivery, and Corporate Services, just to name a few. The candidate will also have close working relationship with both IT and the Business. This means that the candidate will be working directly with project personnel, business application owners as well as management teams. Therefore, the ability to speak in both technical and business terms is crucial; meaning as subject matter expert, the candidate should be able to articulate information security requirements and risks in business language.

General Requirements

    Excellent analytical skills to compliment strong written and verbal communication skills.
    Excellent interpersonal, motivational, organizational, persuasive and project management skills.
    Proven ability to work effectively with management, staff, vendors, and external consultants
    Ability to think outside the box and to 'think evil.' Capable of conducting pentests on applications, systems and network utilizing proven/formal processes and industry standards.
    In depth understanding of emerging threats and vulnerabilities, as well as how they may be exploited.
    Capable of managing multiple pentest engagements from cradle to grave at the same time
    Understanding of security risk assessment methodologies. Ability to assess both technical and business risks as it pertains to information security. Be able to articulate risk in a manner that can be understood by non-technical audience.
    Good understanding of regulatory climate and industry standards such as SOX, HIPAA and PCI
    respectively.

Basic Qualifications

    Bachelor's degree in Information Systems, Computer Science, Engineering, Mathematics and/or a minimum of 4 years of equivalent work experience.
    A minimum of 3 years of experience in Information Technology and/or Technology Consulting.
    A minimum of 3 years of demonstrated ability in two or more of the following: application security, network security, or platform/OS security in engineering, architecture or consulting capacity. Prefer consulting background.
    A minimum of 2 years of penetration testing or ethical hacking either for a consultancy or a large enterprise.
    Ability to synthesize and abstract complex data/information, and lead complex decision processes to produce strategic solutions that enhance “the client” competitiveness. Solutions are timely,
    cost effective and of high quality.
    Excellent verbal and written communication skills, including the ability to translate complex technical concepts into understandable terms and is able to tailor communication to audience, mediate and facilitate communications between others, and communicate architecture to all levels of management and customers.
    Ability to gain buy-in from stakeholders to resolve significant architecture issues.
    Demonstrated ability to lead technical teams across functional areas or “the client” in projects or initiatives or leads technology direction at the highest solution architectural level.
    Experience in "building up" a solutions architecture team.
    Ability to transfer knowledge, educate in area of expertise, mentoring other staff.
    Demonstrated ability in selection and deployment of new and emerging technology.

All your information will be kept confidential according to EEO guidelines.