Principal, Penetration Tester

Description

Ingram Micro is the business behind the world’s brands, providing more ways to realize the promise of technology®. We are an integral part of the technology ecosystem, helping our partners grow and thrive through the creation and delivery of Information Technology, Cloud solutions and Lifecycle services. With more than $54 billion in revenue and the ability to reach 90% of the global population, we are one of the world’s largest technology distributors, serving our partners through operations in 61 countries with 29,000 associates.

Ingram Micro has earned Great Place to Work Certification™ for 2022-2023 in the United States! This prestigious recognition reflects our commitment to our people and our culture.

Come join our team where you’ll make technology happen in surprising ways. Let’s shape tomorrow - it’ll be a fun journey!

*This position is located in Irvine, CA or Dallas, TX and has the opportunity for hybrid work with up to three days remote per week.  

Position Summary

We are looking for an experienced and highly skilled Senior Penetration Tester to add to our offensive security team that will be responsible for penetration testing and vulnerability scanning our company’s websites and assets, including IOT devices in our warehouses and logistics centers. The engineer in this role is expected to provide technical expertise to junior engineers, coordinate with senior leadership on projects, and assist the monitoring and response function.

The Senior Penetration Tester role represents the challenge of developing and improving penetration testing processes and procedures, reviewing vulnerability reports, and mentoring junior engineers and analysts. This role will be able to identify cybersecurity risks and work with various internal teams to resolve those risks. The ideal candidate should understand the importance of written reports and possess the ability to communicate results to both technical and business audiences. Most importantly, the role must understand how to quantify risk and prioritize remediation tasks across the company.

This position is based in Irvine, California or Dallas, Texas with the possibility of being hybrid (partial in office and partial work from home) during normal business hours (8am to 5pm) to meet the needs of the client (other IT staff you support). You may be required to work outside normal business hours at times to satisfy different time zones and offshore teams as well as during emergency security incidents.

Key Responsibilities

• Asist to create, leverage automation, continuously develop, maintain and mature Offensive Security Program.
• Be a resourceful part of the talented team responsible for application and infrastructure penetration testing, supporting external vulnerability reports and overall vulnerability management.
• Perform penetration testing coverage across the global organization.
• Perform independent manual penetration tests of cloud and global IT infrastructure, web application, APIs, and IOT devices in our warehouse and logistics centers.
• Work with external vendors when third party penetration reports are required.
• Work closely with on- and off-shore testing teams and external vendors (when third party input is required) to test and deliver quality penetration reports.
• Provide appropriate knowledge transfer to off-shore testers to assist in testing efforts
• Review all applicable threats, discover vulnerabilities and collaborate with remediation treatment owners to remediate identified vulnerabilities.
• Develop comprehensive, accurate reports and presentations for both technical and executive audiences.
• Coach and mentor junior engineers in penetration testing techniques.
• Ensure knowledge creation around common vulnerabilities within the landscape and corresponding remediation practices.
• Research the latest security best practices and technologies, staying abreast of new threats and vulnerabilities and helping disseminate this information within the groups at the company.
• Utilize penetration testing tools, custom scripts, exploits, related automation, and innovation.
• Establish priorities over near-to-medium term.
• Build processes that speed up the discovery and resolution of findings.
• Work closely with developers and architects on identifying security issues early in the development cycle.

Skills & Experience

• Preferred 5+ years of strong hands-on experience in application and network penetration testing, vulnerability risk management and providing remediation recommendations.
• Advanced knowledge and understanding in various disciplines such as security engineering, system and network security, authentication and security protocols, cryptography, and application security.
• Experience with cloud service providers and their offerings.
• Strong understanding of vulnerabilities, common attack vectors and has attacker mindset: ability to think about creative threats and attack vectors.
• Experience using vulnerability scanning software such as Nessus, teanable.io, tenable.sc, or similar.
• Strong technical understanding of CVSS, OWASP Top 10, SANS top 25, and Vulnerability Exploitability ratings
• Experience with multiple Operating systems (Linux, Unix, Windows)
• Development and/or architecture familiarity mobile applications, specifically iOS and Android
• Penetration testing experience with DevOps related technologies such as Docker, Kubernetes, and CI/CD tool environments.
• Penetration testing and reverse engineering experience with embedded systems and hardware (i.e. IoT devices)
• Strong programming experience and the ability to code exploits in at least one language, including but not limited to Ruby, Python, Powershell, or BASH.
• Experience using Metasploit, Burp Suite, Nmap, and security assessment focused Linux distributions, such as Kali.
• Ability to execute and demonstrate known exploits as well as writing custom exploits to target specific security weaknesses.
• Strong communication (i.e., written and verbal), presentation, teamwork skills and resourcefulness.
• Preferred Certifications: OSCP, OSCE, OSEE, OSWE, GWAPT, GPEN, GXPN, or equivalent certification, work experience, or skills.

Job Qualifications and Educational Requirements

• Bachelor’s degree from an accredited University or equivalent experience.
• A year or more working in a "work from home" / remote capacity if working remote.
• Work Experience: 5+ years of penetration testing, red teaming, or similar experience.
• Provide three current work references & pass a criminal background check.
• Pass a proficiency exam related to the role.

*This is not a complete listing of the job duties.  It’s a representation of the things you will be doing, and you may not perform all these duties.

Please be prepared to pass a drug test and successfully pass a pre-employment (post offer) background check that includes verification of vaccination status.

Ingram Micro requires all new associates to be fully vaccinated against COVID-19. Therefore, this position requires applicants to submit proof, prior to start date, that the successful applicant is fully vaccinated against COVID-19. Ingram Micro will comply with applicable laws regarding the reasonable accommodation of individuals with disabilities and/or sincerely held religious beliefs.  Applicants will be notified of the requirements of Ingram Micro’s COVID-19 policy and process for verification of vaccination status prior to the start of employment. 

Ingram Micro believes there is no place in our society for social injustice, discrimination, or racism. As a company we do not – and will not – tolerate these actions.

Ingram Micro Inc. is committed to creating a diverse environment and is proud to be an equal opportunity employer.  All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, veteran status, or any other protected category under applicable law.