At ZoomInfo we encourage creativity, value innovation, demand teamwork, expect accountability and cherish results. If you are collaborative, take initiative, and get stuff done we want to talk to you! We have high aspirations for the company and are looking for the right people to help fulfill the dream. We strive to continually improve every aspect of the company and use cutting-edge technologies and processes to delight our customers and rapidly increase revenue.
As the Security Pentester and Researcher, you will report to the Senior Manager, Offensive Security, and will be responsible for all aspects of information security across multiple offices and regions. Also, interface with security partners in other business lines to understand our products in-depth and using these and other sources of information plan and prepare attack targets.
The responsibilities of this opportunity include:
Performing web and dark web research into exploits, info that place the company at risk.
Plan attacks by defining scope, type, internal, external, authenticated.
Select, design and make use of freeware, commercial tools and exploits for testing.
Perform penetration testing on web-based and mobile applications, infra and WiFi.
Document methodologies for white box testing, or in some cases black box.
Gather the data intelligence not only from the output of the automated penetration tools but also from information gathered from earlier stages to identify vulnerabilities that the tools may not see.
Review your findings and feedback with internal teams.
Analyze the outcomes and make tangible recommendations for security improvements.
Assist with vulnerability scanning, automation and patch management.
Perform web research and deep dark web research into vulnerabilities and things that could impact our business objectives or the stability of the company.
Carry out application, network, systems and infrastructure penetration tests.
Evaluate and select from a range of penetration testing tools.
Keep up to date with latest testing and ethical hacking methods.
Deploy the testing methodology and collect data.
Report on findings to a range of stakeholders.
Make suggestions for security improvements.
Enhance existing methodology material.
Track actions and formal and structured way to enable KPI reporting and measurements.
A successful candidate will have the following qualifications:Certified Register of Ethical Security Testers (CREST)
- Cyber-security certifications (CHECK, CTM, CTL, CREST, TIGER, OSCP)
- A degree in computer security, computer science or equivalent
- Recognised security testing certifications (GIAC, CEH)
- Dark web and web research for data repositories and vulnerabilities.
- Research into ZoomInfo and vulnerabilities that may be known or exploits
- Planning and executing penetration tests with the larger team.
- Penetration testing experience of web-based applications, infrastructure, mobile and networks.
- Solid knowledge and experience of using a variety of penetration testing or threat modelling tools including open source and commercial
- Experience of threat reporting and assessing vulnerabilities based on industry standards
- Identifying threats using threat risk modeling and creating solutions or mitigation approaches
- Proven ability to understand and meet client needs, build relationships and develop a positive dialogue
- Adept at explaining technical jargon to non-technical parties
- Scripting skills and reverse engineering experience is desirable
- Past experience of using problem solving techniques and developing solutions to meet vulnerability threats
For over a decade, ZoomInfo has helped companies achieve their most important objective: profitable growth. Backed by the world's most comprehensive B2B database, our platform puts sales and marketing professionals in position to identify, connect, and engage with qualified prospects.
Our mission is to provide every company with a 360-degree view of their ideal customer, empowering each phase of their go-to-market strategy and driving their ability to hit their number.