Vacancy expired!
- Perform Penetration Testing and Red Team techniques to discover and exploit vulnerabilities.
- Perform automated and manual hands-on penetration security testing, identifying security risks within applications, security controls, and infrastructure.
- Plan, execute, and report on all testing activities and outcomes.
- Participate in regular Purple team exercises and perform adversary simulations to test defense controls.
- Perform internal and external penetration testing of network infrastructure, applications, and database.
- Promote computer security awareness through hacker demonstrations, working with Cyber-defenders, and presenting detailed security testing project debriefs.
- Create findings reports and communicate to stakeholders
- Recommend and implement improvements to testing processes/methodologies.
- Develop the set of security standards and best practices, recommending enhancements as needed
- Work closely with Blue team to test efficacy of existing alerts and help create new detection.
- Work closely with tools engineering teams to prioritize and remediate vulnerabilities.
- Work closely with SOC team to improve incident and threat detection capabilities. Work closely with corporate IT and DevOps to install and configure security solutions.
- Review information security trends and news sources for emerging threats and vulnerabilities
- Review systems, network, and devices to identify vulnerabilities, audit findings, and compliance issues.
- 5+ years of experience in Cybersecurity
- 4+ years of experience with executing Web application, network, cloud infrastructure, and system penetration tests for clients
- Experience with leveraging Open Source penetration testing tools, such as Metasploit and the Kali Linux tool set
- Experience with code analysis tools such as Veracode, CodeSonar, etc.
- Experience with programming using one or more of the following: Perl, Python, ruby, bash, C or C, C#, or Java, including scripting and editing existing code
- Knowledge of AWS and/or Azure security practices
- Knowledge of open security testing standards and projects, including OWASP
- Ability to assist remediation efforts for discovered vulnerabilities
- Ability to mentor junior and mid-level staff by teaching the latest penetration testing techniques and to operate and lead organized security testing engagements with little assistance while demonstrating teamwork
- Possession of excellent oral and written communication skills to communicate effectively and professionally with clients, teammates, and senior leadership
- Ability to clearly convey results in formal technical reports and deliver briefings to various stakeholders.
- BA or BS degree
- Experience with Web application development, system administration, and the software and system development life cycle
- Experience with red-teaming and covert computer network exploitation
- Experience with programming
- Knowledge of secure coding best practices
- Ability to craft custom exploits for proof-of-concept code
- Offensive Security Certified Professional (OSCP), or SANS GIAC Penetration Tester, including GPEN and GXPN Certification
- CEH certification
Vacancy expired!