
Alpine Portfolio Careers

Join the Alpine community of PeopleFirst leaders.

Penetration Tester

Ingenio

Quality Assurance
Fairfax, VA, USA · Indianapolis, IN, USA · San Francisco, CA, USA
Posted on Tuesday, April 23, 2024

Before we get started:

Here at Ingenio, we'd love to talk with you regardless of your qualifications or years of experience. If you believe you’d be a great fit for this role, we invite you to apply even if you do not meet all points on the job description.

Who we are:

Ingenio is a global media and technology company developing products that provide guidance on love, relationships, career, and life overall. We are passionate about connecting people with the world’s best advisors and content to empower everyone to live happier lives.
Ingenio offers the world's largest portfolio of over 25 marketplace and media brands in the spiritual and emotional wellness space – led by flagship brands such as Keen and Horoscope.com in the US, Questico and AstroTV in Germany, Purple Garden in Israel and Ukraine, The Circle in the UK, and Kang in France.

How you’ll be impactful:

We are looking for a Penetration Tester to perform various levels of testing on our mobile and web apps, APIs, internal and external networks, and cloud services to understand our organization's risk exposure and help mitigate it. This begins with understanding our infrastructure and applications, setting a clear testing methodology, selecting the right tools, crafting testing protocols, and setting up execution plans. Once the tests are complete, reports need to be created with detailed remediation plans and target dates. The remediation plan needs to be diligently executed, with stakeholders held accountable for remediation.

What you’ll be doing:

  • You will be primarily working with the stakeholders from different business units in gaining knowledge about their applications.
  • Review testing scope: Start by reviewing the scope of the application that needs to be tested. This includes understanding the target system's purpose, the scope of the test (what's in bounds), and any business-unit-specific concerns.
  • Gather Information (Recon): Simulating an attacker, you'll gather information about the target system through open-source intelligence (OSINT) techniques. This might involve searching for publicly available details online or network reconnaissance.
  • Plan and Strategize: Based on the gathered intel, you will need to strategize by choosing specific tools and techniques tailored to the target system's vulnerabilities.
  • Run Vulnerability Scans: Specialized tools are used to scan the target system for weaknesses in software, configuration issues, or misconfigured systems.
  • Analyze Scan Results: You will meticulously analyze the scan results to identify potential vulnerabilities that require further exploration.
  • Exploit Identified Vulnerabilities: Using your expertise and tools, attempt to exploit the identified vulnerabilities to gain unauthorized access, mimicking a real cyberattack.
  • Conduct Post-Exploitation Assessment: Once access is gained, you will explore how far you can penetrate the system and the potential damage that could be caused in a real attack scenario.
  • Document Findings: Throughout the process, detailed notes are taken. After testing is complete, these notes are compiled into a comprehensive report outlining discovered vulnerabilities, exploitation steps, and potential impact.
  • Recommend Remediation Strategies: Create recommendations for fixing the vulnerabilities and improving the overall security posture of the system.

What you’ll need to be successful:

  • 2+ years of experience in penetration testing of various web/mobile applications and networks
  • 3+ years of experience in cyber security and an understanding of security controls and protocols
  • Solid understanding of Network protocols and configurations
  • Experience with threat modeling concepts and frameworks (CVSS, MITRE ATT&CK, DREAD, etc)
  • Ability to understand the threat landscape and customize testing related to our environment
  • Experience working on hybrid infrastructure platforms (on-prem, Azure, GCP, AWS)
  • Apply OWASP's methodology to web application penetration tests to ensure they are consistent, reproducible, rigorous, and under quality control
  • Deep understanding of mobile applications and their security configurations
  • Analyze the results from web testing tools to validate findings, determine their business impact, and eliminate false positives
  • Manually discover key web application flaws
  • Experience in using external resources like KVE’s to look for active exploits in the wild and prioritize relevant key findings
  • Develop and deliver high-quality reports from the testing that outline remediation measures

Preferred qualifications

  • Bachelor's Degree in Computer Science, Information Technology, Information Systems, or equivalent
  • Certifications like GPEN, GWAPT, SCP, OSWP, OSWA, eCPPT, etc

Perks & Benefits:

  • Friendly, talented, collaborative and entrepreneurial team
  • Premium medical, dental, and vision insurance
  • Generous holiday and PTO policies (including Birthday PTO!)
  • Summer Fridays
  • 401k matching program
  • Lunch
  • Technology stipends
  • Wellness allowance
  • Training and development opportunities and allowance
  • Fun and inclusive digital and (in the future) in-person events
  • Employee groups - DEI committee, fun committee, wellness group and more

Pay Transparency:

The US base salary range for this full-time position is $125,000-$150,000. Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position across all US locations. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary range for your preferred location during the hiring process. Please note that the compensation details listed in US role postings reflect the base salary only, and do not include bonus, equity, or benefits.

Why Ingenio:

Our growing team of over 400 employees is powered by our diverse perspectives and company core values:

  • We are humble. We believe the best result is achieved by leveraging others’ perspectives
  • We think like owners. We make decisions that optimize for the greater good of the organization
  • We challenge limiting beliefs. We are at our best when we identify and shatter status quo expectations

Ingenio is an equal opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status.