Vacancy expired!
- Perform recon on applications and networks
- Perform penetration testing and system exploitation against desktops, servers, applications, operating systems, and security systems to gain root and administrator access for highly specialized network systems
- Perform internal and external Pentest against systems to determine vulnerabilities and offer mitigation strategies
- Perform reconnaissance, privilege escalation persistence, lateral movement, and payload generation against information systems
- Analyze vulnerabilities, delivering clear and coherent written reporting, identifying network risks, and providing mitigation recommendations
- Conduct penetration and malicious user testing in Cloud environments, including Amazon Web Services (AWS), Azure, and on-premise systems
- Translate systems and applications into security test plans, performing hands-on security testing and leveraging adversarial tactics
- Must be able to use at least two of the following proficiently and instruct others on them: Nessus, Burp, Metasploit Framework/Pro, and the Social Engineering Toolkit.
- Researches and maintains proficiency in tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding and network security and encryption
- Ability to assist with researching and evaluating security policies and guidance
- Ability to train other team members on security concepts
- Excellent communication skills
- 4-5 years of experience in related field
- Demonstrated real-world experience performing grey and black box penetration testing.
- Must be proficient in common web application vulnerabilities like XSS, CSRF, Command Injection, SQLi, single sign-on limitations, etc.
- Must be proficient in any of the following: PowerShell Empire, Metasploit Framework, Cobalt Strike, Burp Suite, Canvas, Kali Linux, IPTables Sysinternals, A/V evasion methodologies, Exploit Dev.
- Must have solid working experience and knowledge of Windows operating systems (incl. Active Directory), Linux operating systems; ESXi or similar; mobile platforms are a plus.
- Solid understanding of networking, TCP/IP, virtualization and cloud/data center architecture.
- Strong familiarity with some of the following: OWASP top 10, DoD and NSA Vulnerability and Penetration Testing Standards.
- Knowledge of exploitation concepts including phishing and social engineering tactics, buffer overflows, fuzzing, SQLi, MiTM, covert channels, secure tunneling and open-source exfiltration techniques.
- Bachelors or Masters degree in Cyber Security
- Experience with Linux, Windows, wireless, and virtual platforms
- Knowledge of information security policies and guidance
- Certifications such as security+, CEH
- Proactive interest in emerging technologies and techniques related to penetration testing
- Experience performing Red Team, Blue Team Operations.
- Experience with IOT device
- Certifications such as OSCP and GPEN
- Malware analysis or digital computer forensics experience.
- Scripting (Windows/nix), Bash, Python, Perl or Ruby, Systems Programming is a plus.
- Existing Subject Matter Expert of Advanced Persistent Threats and Emerging Threats.
Vacancy expired!