The Bonadio Group

  • Red Team Operator - Penetration Tester

    Job Locations US-NY-Pittsford
    Posted Date 3 days ago (4/18/2018 8:59 AM)
    # of Openings
    IT Audit / Risk Management
  • Overview

    We have a tremendous opportunity for a senior level client service professional to work in the Enterprise Risk Management (ERM) team.  This hands-on role would involve technical security assessments of applications and infrastructure, security design reviews as well as risk assessments.  A qualified applicant would have strong technical skills from the hardware to the application layer.


    As a penetration tester, you will be responsible for evaluating the security of an organization’s IT infrastructure by continuously assessing and exploiting vulnerabilities to find out where hacking threats may lie.  Simulated attacks on networks, firewalls, operating systems and web applications are at the heart of the job. Being able to identify those weaknesses and report on the findings is the next step. Because the role deals with a range of internal and external clients, it is important that anyone in it is as comfortable communicating the technical aspects as working with them. A penetration tester can also be known as a white-hat hacker or an ethical hacker.


    • Plan the penetration test
    • Select, design and create appropriate tools for testing
    • Perform the penetration test on computer systems, networks, web-based and mobile applications
    • Document your methodologies
    • Gather the data intelligence not only from the output of the automated penetration tools but also from information gathered from earlier stages to identify vulnerabilities that the tools may not see
    • Review your findings and provide feedback to clients
    • Analyze the outcomes and make recommendations for security improvements
    • Conduct network and web application penetration testing, code reviews, and social engineering
    • Participate in red team engagements
    • Understand and practice evasion, obfuscation, privilege escalation, and lateral movement techniques in Windows and Linux
    • Conduct security assessments on a wide variety of technologies and implementations
    • Simulate sophisticated cyberattacks to identify vulnerabilities for clients worldwide
    • 3+ years’ experience in information security with web application and/or network penetration testing experience
    • Hands-on experience with two or more scripting languages such as Python, PowerShell, Shell, or Ruby
    • Hands-on experience engaging clientele in consulting-related environments
    • An aptitude for technical writing, including assessment reports, presentations and operating procedures
    • Strong understanding of security principles, policies and industry best practices
    • Familiarity with Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), and National Institute of Standards and Technology (NIST) Special Publications
    • Experience with API testing and Mobile Application testing
    • Working knowledge of defensive security techniques and technologies
    • Experience in exploit development
    • OSCP/E, GWAPT, GPEN, GXPN, and eLearnSecurity certification(s)
    • Familiarity with debuggers and disassemblers



    • This is a full-time opportunity.
    • Some travel to client locations is required.
    • Office hours are 8am - 5pm.  Our summer hours are 8:00am – 5:00pm Mon-Th; 8am – 12pm Fri.  The ability to work additional hours during peak time is critical. 

    The Bonadio Group is one of upstate New York’s largest, most respected and fastest growing independent CPA and Financial Services firms. We are consistently rated as a “Top 40 CPA Firm” and one of the “Best Accounting Firms to Work For” in the country! When you join The Bonadio Group, you’ll get the opportunity to work with great people and great clients and make a difference.  With our notable mentoring and training programs, you’ll be able to tackle more interesting issues; and with our local and national presence, you’ll get a chance to work with more interesting people.  Best of all, you’ll get an opportunity to work with great people, great clients, and make a difference.


    We are an Equal Opportunity/Affirmative Action Employer

