Security Pen Tester
Role and Responsibilities
The Security Pen Tester is primarily responsible for leading efforts to assess risk through automated and manual testing and to identify potential weaknesses in applications and systems. A penetration tester is a very hands-on representative of the information security team. This role is highly technical, and candidates must possess a solid understanding of information security, preferably with a strong computer science background. Pen testers must understand applications, networking and various operating systems, along with various tools and frameworks.
Penetration testers must constantly search for system and application weaknesses to exploit, but they are also expected to maintain a level of professionalism at all times. The position must collaborate with others on the team for remediation and additional validation, as well as contribute to other collaborative approaches driven by the security team strategy, such as purple teaming, to enhance skillsets for both red and blue team members.
While some automated tools will be leveraged, the penetration tester must possess hands-on expertise with a variety of tools to simulate attacker tactics, techniques and procedures (TTPs). In addition to stealthy engagements, however, penetration testers must also participate in visible and announced assessments for new and existing services, infrastructure and applications to help the team identify weaknesses before an
Document and formally report testing initiatives, along with remediation recommendations and validation.
Conduct tactical assessments that require expertise in social engineering, application security (web and mobile), physical methods, lateral movement, threat analysis, internal and external network architecture and a wide array of commercial and bring-your-own (BYO) products.
Develop and maintain tools and scripts used in penetration testing.
Support purple team exercises designed to build strength across disparate teams.
Train offensive and defensive colleagues on new TTPs and mentor junior teammates.
Work closely with the security operations center (SOC) to leverage intelligence sources, identify new threats in the wild and verify the organization’s security posture against them.
Regularly research and learn new TTPs in public and closed forums, and work with teammates to assess risk and implement and validate controls as necessary.
Arrange and provide support to business units launching new technology applications and services to verify that new products/offerings are not at risk of compromise or information leakage.
Occasionally attend and participate in change management policy discussions and meetings.
When necessary, assist in threat and incident response (IR) tabletop exercises as well as postmortem drills with a focus on measurable improvements and benchmarking to show progress (or deficiencies requiring additional attention).
Liaise with the security engineering team to improve tool usage and workflow, as well as with the advanced threats and assessment team to mature monitoring and response capabilities.
Collaborate and partner with external pen test vendors.
Perform other duties as assigned.
Qualifications and Education Requirements
Bachelor's degree in computer science, information assurance, or related technical field or equivalent.
At least 7 years’ experience in information security administration, offensive tactics, monitoring and IR.
At least 3 years’ dedicated experience conducting penetration testing/red team engagements as a consultant or previous role in a professional organization.
Proficient in scripting languages such as Python, PowerShell, Bash and Ruby.
Competent with testing frameworks and tools such as Burp Suite, Metasploit, Cobalt Strike, Kali Linux, Nessus, PowerShell Empire and AutoSploit.
Strong operating system knowledge across *nix and Windows; proficient with networking protocols.
Ability to obtain and maintain persistence within corporate systems, while avoiding detection.
Familiarity with defensive and monitoring technologies such as intrusion prevention/detection systems (IPS/IDS), security information and event management systems (SIEMs), firewalls, endpoint protection (EPP) and endpoint detection/response (EDR) tools, as well as user and entity behavior analytics (UEBA).
Understanding of OWASP, the MITRE ATT&CK framework and the software development lifecycle (SDLC).
Current certifications such as OSCP, OSCE, CEH, GPEN, GWAPT, CISSP or other relevant certification.
Self-starter requiring minimal supervision.
Highly organized and efficient.
Excellence in communicating business risk and remediation requirements from assessments.
Analytical and problem-solving mindset.
Demonstrates strategic and tactical thinking, along with decision-making skills and business acumen.
candidates will be a self-starter, can manage multiple projects/initiatives at once, with experience in multiple information security management and monitoring tools.
Work in a fast-paced, global, and highly technical environment.
About the Company:
FLEETCOR Technologies, Inc. (“FLEETCOR”) is a leading global provider of business payment solutions. We help companies of all sizes control, simplify and secure payment of various domestic and cross-border payables using specialized payment products. We serve businesses, partners, merchants, consumers and payment networks in North America, Latin America, Europe, and Asia Pacific.
- $2.6B Annual Revenue
- 100+ Countries
- 2.0B+ Transactions per Year
- 8,500+ Employees
(as of December 31, 2019)
Our payment solutions provide our customers with a payment method designed to be superior to and more robust and effective than what they use currently, whether they use a competitor’s product or another alternative method such as cash or check. We group our payment solutions into five primary categories: Fuel, Lodging, Tolls, Corporate Payments and Gift. Each category is unique in its focus, customer base and target markets, but they also share a number of characteristics: customers are primarily businesses, have recurring revenue models, have specialized networks which create barriers to entry, have high margins, and have similar selling systems.
FLEETCOR enjoys global recognition including:
- Forbes Global Growth Champion – FLEETCOR is one of the 250 fastest growing companies in the world as determined by Forbes and Statista
- Forbes World’s Most Innovative Companies – FLEETCOR has made this prestigious list of leading innovative companies 4 years in a row!
- Fortune 1000 Company – FLEETCOR was one of the largest movers in the new rankings of the largest companies in America, ranking #872
- S&P 500 – In 2018, FLEETCOR joined the S&P stock index comprised of the 500 leading US stocks based on market cap (company value)
Despite many advances in our industry, the majority of business payments are still made with outdated and inferior payment methods, such as checks and cash. We envision a business world where every purchase is controlled, every payment is digital, and every payment-related decision is well-informed. In this future paperless state, payments will require little to no time to manage, leaving companies with more time for what matters most: activities that grow their businesses.
FLEETCOR’s mission is to provide businesses with a better way to pay, by replacing outdated payment methods such as checks and cash, and displacing the incumbent providers of those methods. Through the digitalization of payments, we create and support robust ecosystems which benefit all participating constituents: payment-making customers, payment-accepting merchants, tax-collecting governments, and FLEETCOR.
FLEETCOR is a growth company, and we employ a simple three-prong strategy for growing our business:
- More Customers. We invest more than $200 million per year in sales and marketing, predominately focused on new customer acquisition. We continue to scale existing sales channels and headcount, enable our sales people with demand generation and other tools, and launch new distribution channels both internally and through partners such as ERP software providers, telematics companies, and banks. We will also grow our customer base inorganically through acquisitions.
- More Spend. We seek to leverage our existing customer relationships and capture greater share of their business payment expenditures. As such, we have developed various “beyond” initiatives, where we extend the utility of an existing payment product without degrading the core value proposition of the original product. As such, a customer can “buy more stuff” without sacrificing the controls and reporting which attracted the customer to our product to begin with. For example:
- Our Fuel card customers can enable their cards to allow non-fuel purchases relevant to their business, like allowing a painting crew to buy supplies at a home improvement store, so they can finish the paint job.
- Our Toll tag customers can use their in-vehicle RFID tags to make other “on the go” purchases like parking, fuel and fast-food.
For our customers, these product extensions reduce payment friction, saving them time and operational headaches. For FLEETCOR, these product extensions can increase our share of wallet with existing customers and can increase our products’ appeal and applicability to previously-unserved customer segments (e.g., non-toll urban dwellers). We also create new product offerings, developed internally or in conjunction with partners, to cross-sell to our existing customer base.
- More Geographies. We continue to seek attractive entry opportunities in major international markets, which we intend to pursue through acquisitions and partnerships.
Together we can foster true belonging. We know different ideas, perspectives and backgrounds lead to better innovation and results. We are therefore committed to building and nurturing a culture of diversity, inclusion, and belonging by:
- Welcoming people of different backgrounds, cultures, ethnicities, genders, and sexual orientations;
- Empowering our people to share their experiences and ideas through open forums and individual conversations; and
- Valuing each person’s unique perspectives and individual contributions.
Embracing diversity enables our people to “make the difference” at FLEETCOR.
FLEETCOR’s culture reflects our history of fast growth and our continued drive for results. Our entrepreneurial spirit remains strong across our global workforce, and we reinforce these principles in our five core values:
- Innovation: Figure out a better way
- Execution: Get it done quickly
- Integrity: Do the right thing
- People: We make the difference
- Collaboration: Accomplish more together
These values guide all of our employees and are infused in all aspects of our Company. We are, as a team, united through these shared values and our mission to provide “a better way to pay.”
Our values foster an inclusive culture through the expectation that all employees will treat each other with respect and appreciate the diversity of identities, thoughts, backgrounds and styles. Our commitment to fostering an inclusive culture has never been more essential than in this moment of national reflection. We must always celebrate the diversity of our company and our communities.
We strongly believe that the quality and diversity of our workforce provide FLEETCOR with a competitive advantage, and that our problem-solving and solution-building efforts are greatly enhanced when we harness the collective thinking of a diverse group of people with unique experiences and perspectives.
FLEETCOR’s COVID-19 Hiring Guidelines:
Due to COVID-19, most of our employees are temporarily working from home. In addition, FLEETCOR implemented a virtual interviewing and hiring process, engaging with talent by phone or video and onboarding new employees remotely. We value the safety of each member of our community because we know we’re all in this together.
Equal Opportunity/Affirmative Action Employer:
FLEETCOR is an Equal Opportunity Employer. FLEETCOR provides equal employment opportunities to all employees and applicants without regard to race, color, gender (including pregnancy), religion, national origin, ancestry, disability, age, sexual orientation, gender identity or expression, marital status, language, ancestry, genetic information, veteran and/or military status or any other group status protected by federal or local law. If you require reasonable accommodation for the application and/or interview process, please notify a representative of the Human Resources Department.
- Job Family IT
- Pay Type Salary
- 1200 Lake Hearn Dr NE, Atlanta, GA 30319, USA