Job Summary

Cyber Security Analyst- Penetration Tester

  • Location:
    Spring, Texas
  • Job reference:
  • Category:
  • Contract Type:

Cyber Security Analyst- Penetration Tester
12+ Month Contract
Our client is a global leader within the oil and gas vertical and they are looking for a Senior Cyber Security Analyst with diverse experience in penetration/vulnerability testing for web and thick-client applications in an enterprise environment.

  • Perform manual web application vulnerability assessments without the use of automated tools such as web application scanners
  • Capture and analyze network traffic at all seven layers of the OSI model, including ability to discern whether said network traffic contains vulnerabilities and/or sensitive data
  • Have a solid grasp of core security fundamentals and concepts, including knowing one’s system, defense in depth, the principle of least privilege, access control, encryption and cryptography, security architecture and design, business continuity and disaster recovery, etc.
  • Create extremely high quality written reports containing the findings from web and thick-client vulnerability assessments, as well as the ability to articulate those findings to peer technical staff as well as various levels of management


  • Min 3 years experience penetration/vulnerability testing for web and thick-client applications in a large enterprise environment
  • Strong understanding of web technologies, e.g. HTTP, HTML, CSS, Forms, Database connectivity, etc.
  • Understanding of compliance and regulatory requirements such as PCI DSS, SOX, HIPAA, etc.
  • Full grasp and ability to articulate and/or train others on the “OWASP Top 10” and related concepts
  • Minimum 3 years experience with programming and/or scripting in one or more of the following languages: .NET, Java, PHP, Ruby, Perl, Bash, or similar language
  • Minimum 3 years experience with SQL, including a strong understanding of SQL syntax and the ability to perform basic management of MS SQL databases
  • Minimum 3 years experience with enterprise-level security control implementations, including Network Intrusion Detection/Prevention (NIDS/NIPS), Corporate Antivirus, Enterprise Web Filtering, Data Loss Prevention, Insider-threat Mitigation, Botnet Detection, etc., as well as demonstrable knowledge of the principles and techniques used to bypass said controls.
  • Preference is for candidates with two or more of the following certifications: GSEC, GWAPT, CISSP, GPEN, GXPEN, CISA, CISM, OSCP, OSCE

If you are interested, please submit resume for review. **THE MANAGER IS LOOKING TO HIRE IN JANUARY**

Apply Below


Note: Required fields marked with an asterisk (*).


Primary Number
[Ctrl (Cmd Mac) + Click] to select multiple industries
Upload your resume
Terms of Use


Upload your resume using

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.

Equal employment opportunity information:
EEO is the Law (poster) | EEO is the Law (poster supplement) | Reaffirmation of Affirmative Action Policy Statement