Full-Time

Lead Penetration Tester

Posted on 11/16/2024

Blue Yonder

1,001-5,000 employees

Data & Analytics
Enterprise Software
AI & Machine Learning

Compensation Overview

$120.3k - $151.7k Annually

+ Annual Performance Bonus + Commission Program

Expert

Remote in USA

Category
Cybersecurity
IT & Security
Required Skills
Microsoft Azure
AWS

Requirements
  • 10+ years of Penetration Testing, Ethical Hacking and/or Red Teaming experience.
  • Must have worked with products/tools such as Qualys, Tenable, Nexpose, Metasploit, Core Impact, Burp Suite, Cobalt Strike, etc.
  • Certifications such as OSCP, OSCE, CRTP and/or GPEN.
  • TTP (Tactics, Techniques and Procedures) such as MITRE Framework.
Responsibilities
  • Create and maintain a solid penetration testing program for the organization, a key role within security organization
  • Conduct all the penetration activities for the Blue Yonder infrastructure
  • Co-ordinate customer requests for penetration testing
  • Focus on all the phases of penetration testing, including information gathering, scanning, execution, post-exploitation, custom/meaningful reporting, and remediation activities
  • Out of several thousand assets, identify the assets that need prioritization to be assessed
  • Potential to expand to a Red team with a focus on validating the security controls and security tools that are in place
  • This candidate would ultimately create awareness about the extent of compromise one could make with the current security posture – so that the asset owners can truly understand the security posture of their products and their network
  • Creates processes for the penetration testing program considering all the phases of the program
  • Leverage vulnerability scan results from all the scanners
  • Leverage threat intelligence information to raise the bar on Pen Testing program
  • Evaluate threats, vulnerabilities and risk in cloud platforms like Azure, AWS, etc.
  • Be responsible not only for identification of results but also for providing solid feedback to the stakeholders and reducing the risk exposure
  • Capable of validating security controls that are in place with the organization like intrusion prevention systems and intrusion detection systems, etc.
  • An expert in post-exploitation to truly determine the extent of compromise, upon identifying vulnerabilities
  • Describe the root cause and impacts to the asset owners
  • Demonstrate the risk through verbal and video demonstration in layman's terms as needed
  • Reduce the open vulnerabilities by providing remediation guidance and feedback as needed
  • Document and track all the hacking activities for Management and auditors
  • Represent the team for internal and external auditors as needed
  • Review reports for each assessment before it is sent to the asset owners or to the customers
  • Participate in and assist with incident response team, as appropriate
  • Generate metrics for the Management as needed
  • Prepare system security reports by collecting, analyzing, and summarizing data and trends
  • Any other security related duties assigned by the Management.
Desired Qualifications
  • Bachelor’s degree in information security, MIS, or Computer Science highly preferred.
  • Deep and diverse experience architecting and implementing network security designs.
  • Expertise in network security, system security and endpoint security.
  • Education and experience in public cloud infrastructure such as Microsoft, Google, AWS, or IBM.
  • Demonstrated understanding of information security concepts, standards, practices, including but not limited to firewalls, intrusion prevention and detection, TCP/IP and related protocols, device monitoring and log management and event monitoring/reporting.
  • Ability to work in different shifts to partner with the global team.

Company Size

1,001-5,000

Company Stage

Late Stage VC

Total Funding

$73M

Headquarters

Scottsdale, Arizona

Founded

2008

Simplify's Take

What believers are saying

  • AI-driven optimization enhances Blue Yonder's supply chain solutions.
  • Digital twins offer Blue Yonder expansion in technological capabilities.
  • Blockchain integration increases transparency and security in Blue Yonder's platform.

What critics are saying

  • Integration challenges with One Network Enterprises may disrupt operations.
  • Rapid acquisitions could strain Blue Yonder's financial resources.
  • Increased competition from SAP and Oracle in supply chain solutions.

What makes Blue Yonder unique

  • Blue Yonder is creating a unified end-to-end supply chain platform.
  • The company is investing heavily in acquisitions, totaling $1 billion since Q4 2023.
  • Blue Yonder is focusing on AI-driven supply chain optimization.

Benefits

Health Insurance

Dental Insurance

Vision Insurance

401(k) Retirement Plan

401(k) Company Match

Unlimited Paid Time Off

Corporate Fitness Program

Pet Insurance

Company News

Blue Yonder
Mar 29th, 2024
Blue Yonder Announces Binding Agreement To Acquire One Network Enterprises for Approximately $839 Million To Create Multi-Enterprise Supply Chain Ecosystem

The deal will mark approximately $1 billion of investments in acquisitions since Q4 2023 and positions Blue Yonder to provide a unified end-to-end supply chain platform and collaboration ecosystem. DALLAS and SCOTTSDALE, Ariz. – March 29, 2024 – Blue Yonder, a leader in digital supply...

Enterprise Times
Feb 10th, 2020
News from week beginning 3rd February

Highlights this week include a massive study by ADP into the Gig Economy. QuickBooks, Pegasystems and AutomationAnywhere also published some interesting findings. There were also several product updates and launches in Australia. These include announcements by ECI, Microsoft, Oracle and Xero.

Enterprise Times
Feb 3rd, 2020
News week beginning 27th January

Taking a look at News week beginning 27th January with SAP, NTT Ltd, Nintex, Oracle, ServiceNow, Namely, Wavemaker and others.

INACTIVE