Excellent up-to-date technical and hands-on knowledge, experience in current attack methods, penetration testing methods, and hacking tools; especially for web applications, required.
Ability to understand, find, verify, and explain security vulnerabilities. Review and ensure the secure configuration of OS and network devices
Experience with security tools such as Nmap, Metasploit, Kali Linux, Burp Suite Pro, etc., as well as other various commercial and self-developed testing tools
Proficiency in one of the following scripting languages: Python, PowerShell, LUA, or Bash is a plus.
Experience with reverse engineering, exploit development, mobile, and industrial control systems are a plus.
Ability to research and characterize security threats, and define appropriate countermeasures in client reports
Certifications such as OSCP, OSCE, GPEN, GWAPT, GXPN, CREST Certified, Simulated Attack Specialist (CCSAS), CREST Certified Simulated Attack Manager (CCSAM) are a plus