Ensign is hiring !
Duties and Responsibilities
Conduct penetration testing of systems and applications to identify, document, and present technical vulnerabilities and issues.
Participate and lead Red Team engagements to remotely infiltrate, escalate privileges, and achieve full control of target networks, demonstrating advanced offensive capabilities.
Assist in developing customized remediation plans based on technical findings and client business constraints to strengthen cybersecurity defenses.
Utilize automation tools and techniques to streamline and enhance penetration testing and red teaming processes for improved efficiency and accuracy.
Collaborate with cross-functional teams to assess security controls, technologies, and processes, exposing vulnerabilities and recommending proactive measures.
Research, develop, and ideally present new offensive cyber techniques and security control bypasses to the broader cybersecurity community.
Stay abreast of emerging threats, industry trends, and best practices, integrating new knowledge into penetration testing methodologies and techniques.
Collaborate with clients and stakeholders to provide expert guidance on cybersecurity strategies, risk mitigation, and incident response.
Foster a culture of continuous learning and knowledge sharing within the team and across the organization.
Support pre-sales processes and working with the Business Development team to win new deals.
Requirements
Degree in information security, computer science or related field
At least 2 years of information security exposure
Good working knowledge of relevant standards, security frameworks and regulations (ISO27001, NIST, GDPR, CSL, MLPS, GL20, PDPO, PIPL)
Excellent written and verbal communication skills
Broad knowledge across multiple technical domains and willing to learn
Confident and assured presentation skills – at ease with senior stakeholder engagement
Preferred Skills /Qualities
At least two years of proven experience in conducting penetration testing / red team engagements in diverse environments.
Strong proficiency in developing and executing remediation plans tailored to client business constraints and technical findings.
Demonstrated ability to dive into new industries and technology stacks, adapting quickly to new challenges and environments.
Familiarity with cyber security principles (e.g. networking, web development, vulnerability classes) and industry best practices (e.g. OWASP Top 10, MITRE ATT&CK Framework)
Experienced in consulting, including internal and client facing experiences
Ability to independently lead a project and communicate with clients
Excellent communication and presentation skills, with the ability to convey technical concepts to both technical and non-technical stakeholders.