Skills:
OSCP, Web Applications, Mobile Applications
Certifications required: OSCP (or) CREST CRT (or) GPEN
Responsibility
Plan and execute full life cycle offensive operations. This includes project scoping, resource assignment recommendations, some RFP/SoW work, performing the penetration test, communicating progress with clients, writing professional quality reports, and presenting findings to executive and technical audiences.
Effective communication. Writing and presenting are a large part of professional penetration testing. Senior penetration testers are expected to excel at communicating with client audiences (executive and technical audiences) and be a good communicator within the team while collaborating on projects.
Perform application penetration tests. Application pentests often include thick client, API, mobile SDK, and web applications from black-box, gray-box, and white-box perspectives.
Perform network penetration tests. External, internal, and Wi-Fi network penetration testing. Capable of penetrating multiple platforms in enterprise environments. Familiarity with attacking Active Directory.
Contribute to the team toolkit, lab, and attack infrastructure. Become a regular contributor to the team wiki and git repositories.
Ability to train/mentor others in adversary techniques.
Follow primary source cyber security feeds, publications, and articles to remain current on tradecraft and vulnerabilities. Capable of curating relevant information and acting on it on engagements or updating internal playbooks.
Interface with clients and staff with professionalism and an overall positive attitude. A variety of problems will arise and will be dealt with, but senior staff will proactively construct solutions.