Note: The job is a remote job and is open to candidates in USA. NetSPI is a leader in Penetration Testing as a Service (PTaaS) and is seeking a Senior Security Consultant specializing in Kubernetes Penetration Testing. The role involves executing penetration tests, creating reports, and collaborating with clients to enhance their security posture.
Responsibilities
- Execute Kubernetes penetration tests against cloud-hosted and self-managed environments
- Create attack narratives and findings-based penetration test reports for clients
- Research and develop innovative techniques, tools, and methodologies for penetration testing services, alongside commitment to improvement and execution on NetSPI specific products and processes
- Collaborate with clients to create remediation strategies that will help improve their security posture
- Act as a resource for internal team members as it relates to in-depth technical questions or best practices in Kubernetes
- Assist in QA review of Kubernetes engagements
- Contribute to the information security community through the development of tools, presentations, white papers, and blogs
Skills
- Bachelor's degree or higher with a concentration in computer science, engineering, math, IT, or equivalent experience
- 5 years combined experience performing offensive/attack-oriented penetration tests against Kubernetes and at least one of the following: cloud environments, web applications or thick client applications
- Deep hands-on experience with Kubernetes clusters
- Recognized Penetration Testing specific qualifications such as GXPN, OSEP, OSCP, OSWE or similar certifications
- Kubernetes related certification such as CKA, CKS or similar
- Strong communication, presentation, and writing skills
- Experience performing security focused configuration reviews
- Demonstrable knowledge in the following areas: Exploiting workload misconfigurations in Kubernetes clusters such as RBAC-based privilege escalation, exploiting sensitive kernel capabilities, bypassing admission controls and executing well-known container breakout techniques
- Understanding of security best practices for containers and the feasibility of applying those practices
- Network pivoting from a Kubernetes cluster into cloud or other cluster-adjacent/exposed services
- Utilizing OWASP Top 10 vulnerabilities to explore attack surface of Kubernetes workloads
- Experience with offensive toolkits for both cloud and network penetration testing
- Programming/scripting experience in one or more of the following languages: Python, Go, Bash
- Experience researching new Kubernetes features and related cloud service offerings with the goal of identifying misconfigurations and vulnerabilities
Company Overview
Company H1B Sponsorship