Penetration Tester

Join us as a Penetration Tester on our Security Assurance team in the United States to do the best work of your career and make a profound social impact.

What you’ll achieve

As a Penetration Tester, you will conduct and participate in security penetration testing exercises for products and applications in the Dell environment, including enterprise products.  You will collaborate with other internal and external supporting groups on target access and operational issues; and report on and prioritize issues to vendors, security team, and engineering through Dell’s standard escalation processes.  You will also continue to build upon your subject matter expertise in penetration testing through research/reading, training or other methods (e.g. Hack the Box, Capture the Flag competitions, etc.).

You will:

• Develop and maintain tools and techniques for adversarial simulation, vulnerability research, and exploit development
• Provide technical expertise on how to integrate information security controls into enterprise environments
• Provide technical expertise and advice on all areas of security technology, including: network security, platform security, authentication/authorization systems, application security, security architecture, policy enforcement, and security frameworks
• Communicate new developments, breakthroughs, obstacles and lessons learned to team members and senior management
• Contribute to the development of cybersecurity strategy, policy, standards, and procedures, including support of the continuous development and maintenance of team frameworks and operating procedures

Take the first step towards your dream career

Every Dell Technologies team member brings something unique to the table. Here’s what we are looking for with this role:

Essential Requirements

• 5+ years direct or equivalent experience in areas of penetration testing (web application, host, network), exploit development, fuzzing and designing countermeasures to identified security vulnerabilities/risks
• Knowledge of attack surfaces in web technologies, networks, modern applications (microservices/containers), and operating systems; and should demonstrate the ability to analyze closed source applications using several off-the-shelf or custom developed tools
• Experience with any of the following tools: User and kernel-mode debuggers (Windbg/x64dbg/OllyDbg/Immunity Debugger), IDA Pro, Hex-Rays, Visual Studio, Driver Verifier
• Payment Card Industry (PCI) Data Security Standards
• Skilled in relevant programming and scripting languages (e.g. Python, C/C++, C#, Java, ASM) with the ability to develop custom scripts, exploits, and tools
• US Citizen – may be required to hold a security clearance

Desired Requirements

• Bachelor of Science in Computer Science, Computer Engineering, Electrical Engineering or a related technical field with 8+ years of Information Security experience; or equivalent professional experience
• Familiar with the Metasploit framework
• Relevant cybersecurity certifications (e.g. OSCP, OSCE, OSWP, OSEP, OSWE, OSED, OSEE, GPEN, GWAPT, GXPN, CISSP)
• Cryptography and cryptographic key management concepts
• Published or presented security research or security advisories