Penetration Tester II

Black Knight, Inc.

Job Description
Position:Penetration Tester IIJob Description: Black Knight is the premier provider of integrated technology, services, data and analytics that lenders and servicers look to first to help successfully manage the entire loan life cycle. Our deep understanding of regulatory and compliance issues complements the knowledge, technology and solutions we offer to help our clients achieve their business goals. Black Knight offers leading software systems; data and analytics offerings; and information solutions that facilitate and automate many of the business processes across the mortgage life cycle. JOB FAMILY DESCRIPTIONProfessional technical role responsible for security assurance by protecting the company from dynamic and evolving threats. Utilizes expansive knowledge of threat actor tactics, techniques and procedures (TTPs) to perform in-depth penetration tests against enterprise assets, applications, networks and associated technologies. Monitors and research emerging and advanced cybersecurity threats, as well as assesses customer facing applications, systems, and data. Investigates and researches new and emerging trends, repeating trends, attacks, malicious intellectual properties, and other abnormalities. Minimizes data exposure risks by meeting all company and regulatory requirements while developing and implementing business solutions. Identifies and documents security vulnerabilities taking appropriate action to provide remediation recommendations as a means of eliminating or reducing risk concerns.GENERAL DUTIES & RESPONSIBILITIES+ Detects and analyzes threat activity for the identification of advanced persistent threats and malware in real-time while also researching emerging threats. + Conduct security assessments and perform adversary simulations using open source or custom tools against a predetermined timeframe and target list+ Possess ability to review, modify and develop scripts with Python, PowerShell, Bash, JavaScript, Java, PHP or other related languages to automate processes and exploit applications/systems+ Participate as member of Red Team on Purple Team engagements, trainings, and quarterly objective based assessments. Follow industry best practice methodologies for penetration testing and be familiar with associated tools for assessments+ Investigates and analyzes events possible incidents that target the company and pose an imminent risk to the company, its employees and customers. + Plans, directs and facilitates response and recovery activities in response to a threat. + Provides operational briefings and threat intelligence reports that provide a complete interpretation of the risk to the company and clients. + Conducts scan reviews and provides recommendations to management regarding filters, blocking, vulnerability remediation, etc. + Research hackers and hacker techniques and provide detailed briefings and intelligence reports to management. + Conduct analysis of intelligence data as it pertains to the security of the Client. + Collaborate with intrusion analysts to identify, report on, and coordinate remediation of threats to the company and its clients. + Conducts Security vulnerability assessments of Web, Desktop Applications, and Web Services. + Performs other related duties as assigned. EDUCATIONAL GUIDELINESBachelors Degree in Computer Science, Information Systems, Computer Engineering or the equivalent combination of education, training, or work experience. Professional certification such as CISSP, GXPN, GWAPT, GPEN, GWEB, GSSP, or CEH is preferred.GENERAL KNOWLEDGE, SKILLS & ABILITIES+ The ability to evaluate information security risk implications Knowledge of relevant legal and regulatory requirements + Strong working knowledge and experience with the following OS: Kali, Linux Distros, Windows OS, Mac OS+ Strong working knowledge and experience with the one or more of the following tools: Metasploit, Burp Suite, Wireshark, Network Mapper (NMAP), Impacket, Hashcat, John the Ripper, PowerSploit, Bloodhound, Cobalt Strike, Covenant, and other vulnerability ethical hacking tools+ Familiarity with one or more of the following languages: Python, Perl, C#, C++, JavaScript, Java, PHP, PowerShell, Bash+ Knowledge of common information security management frameworks + Experience working with a diverse range of data sources/streams and managing these effectively + Excellent analytical, decision-making and problem solving skills with proficiency in project management + Strong understanding of developing and deploying analytical tools and technologies to cybersecurity challenges + Ability to apply formal intelligence analysis methods, develop hypothesis, prove/disprove relationships, defend the analysis, and apply attribution to cyber threat activity + Knowledge of hacker methodologies and tactics, system vulnerabilities and key indicators of attacks and exploits + Knowledge of common application vulnerabilities (OWASP Top 10) + Ability to build intrusion-related data visualizations and perform analysis + Knowledge of computer network defense operations (proxy, firewall, IDS/IPS, router/switch, open source information collection, etc.) + Ability to develop partnership-oriented relationships with business executives and functional leaders + Strong background in security operations, process, solutions and technologies + Strong knowledge in Secure Software Development and Secure Coding best practices + Strong understanding of policy, compliance, and best practice security principles + Experience with current cyber threats and the associated tactics, techniques, and procedures used to infiltrate computer networks Experience with network intrusion detection and response operations + Knowledge of infrastructure, key processes, and technology-oriented risk issues, specifically around security and privacy Experience with enterprise risk assessment methodologies + Must be able to multitask in a fast-paced environment with focus on timeliness, documentation, and communications with peers and business users alike + Detail oriented, able to translate identified vulnerabilities and resolutions into detailed reports into terms that clients and senior management understand easily+ Results oriented, business focused, and successful at interfacing across multiple organizational unit Threat Intelligence Analyst IIIntermediate professional level role. Works independently on many IT security projects as a project team member, more frequently as a project leader. Works on large, complex security issues or projects that require increased skill in multiple IT functional areas. Requires extensive knowledge of security issues, techniques, and implications across all existing computer platforms. May manage or serve as a project leader for IT security projects or the security components of multi-discipline projects. Must have working knowledge in networking, databases, systems, and/or Web operations. May coach more junior staff. Typically requires three (3) or more years of combined IT and security work experience with extensive exposure conducting network security vulnerability assessments, penetration testing, or other related experience using advanced networking tools and security solutions as well as non-traditional techniques and methodologies and at least two (2) or more years of experience intelligence collection, analysis, and reporting process/procedures or two (2) or more years of experience in bug bounty programs, security research, or cyber security training in the military. Black Knight is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, disability, age, and protected veteran or military family status. Our employees diversity is our strength, and when we embrace our differences, it makes us better and brighter. Black Knights commitment to inclusion is at the core of who we are, and motivates us in how we do business each and every day. Location:Jacksonville, FLTime Type:Full time