H&R Block is seeking an experienced Penetration Tester to conduct full-scope vulnerability assessment and penetration testing. The Penetration Tester must be able to plan, coordinate, and perform red team and penetration testing technical assessments. Maintain communication between system owners and the assessment team, including before, during, and after test events. Develop test plans and perform management and administrative functions for the assessment team, including data gathering, exploit approval, and report generation after test activities. Maintain assessment team processes and procedures and manage the maintenance of the standardized testing platform.
Responsibilities will include:
Plan, communicate, coordinate and perform penetration tests and security assessments at application, system and enterprise level.
Develop all Rules of Engagement, scoping documents and reports.
Perform manual penetration tests and validation of vulnerability scan results.
Develops automation/scripts for replicating vulnerability validation and penetration tests.
Develop SOPs and architect all penetration testing and security assessment methodologies.
Devises plans and scenarios for various types of penetration tests.
Documents exploits and results in remediation and final report.
Perform information technology security research to remain current on emerging technology trends and develop exploits for disclosed and undisclosed vulnerabilities.
Contributes to developing and implementing tools for penetration testing and early warning of weaknesses or possible incidents building on methodologies as promulgated by NIST, ISO, etc. to ensure useful, measurable, and repeatable methods applied to quantifying risk.
Selects, installs, and configures security testing platforms and tools or develops tools and procedures for vulnerability assessments and penetration tests.
Contributes to application of FISMA compliance mechanisms, including NIST SP 800 series, with the addition of sound methodologies in lieu of weakly-defined and subjective scores.
Performs vulnerability assessments using automated tools (Metasploit, Nmap, Nessus, Burp Suite, etc.).
Performs off-hours work as necessary.
Experience in penetration testing large and complex enterprise networks
Experience with utilizing penetration testing methodologies
Experience with web and mobile applications, databases, operating systems
Experience with regulatory compliance, policy development, and policy enforcement
Experience with FISMA compliance and the NIST SP 800 series
Experience with DISA STIGs or similar secure configuration guidelines.
Experience in the roles identified above
3+ years of penetration test experience
Excellent communication and interpersonal skills
Hands-on OS configuration/administration experience
Programming experience with focus on penetration testing or process automation
Experience with cyber security development projects and programs
Experience with process development and deployment
Experience with the following technologies:
Experience with three or more of the following:
Security COTS integration
Security Incident Event Management
Operating System Hardening
Vulnerability Assessment testing
Identification and Authentication schemes
Public Key Infrastructure and Identity Management
Cross Domain Solutions
Excellent writing skills
H&R Block, Inc.