Lead Penetration Tester

As a Lead Penetration Tester joining our team, you will play a pivotal role in ensuring our customers' networks and underlying data is secure. Your expertise will enhance the support we provide to a wide variety of entities, including commercial enterprises and government organizations. Join us and be at the forefront of securing the data our customers rely on, while enjoying a dynamic and collaborative work culture that values innovation, growth, and teamwork.

This position will be the technical lead on engagements and interface with the customer supervising other members of the assessment team

This position operates with minimal government lead supervision supporting the Department of Defense (Navy). Our company also does commercial work outside of the DoD which occasional pull teams members based on interest and skillsets

Responsibilities

• Conduct internal and external security testing, mimicking real-world attack techniques to identify vulnerable systems or opportunities for circumventing security defenses
• Performs vulnerability analysis and exploitation of applications, operating systems or networks.
• Develop custom exploits and/or design security tests to emulate threats and demonstrate the potential vulnerabilities within network
• Devises tests and scenarios for various penetration tests and collaborative purple team exercises
• Identify potential flaws and vulnerabilities in external and internal systems, demonstrate how those weaknesses could be exploited, and support the development of countermeasures to reduce or mitigate risk
• Develop comprehensive reports and presentations for both technical and executive audiences, tailor the content to meet the audiences where they are, and design the messaging to help mitigate risks and identify defensive options
• Perform application analysis, reverse engineering, or malware analysis as needed, to include the use of an offline workstation to analyze the functions of raw code to identify its functionality and develop defenses tailored to the customer
• This position could require significant travel to client sites

Requirements

• Bachelor's degree in related field or 10+ years of relevant experience in information technology or cybersecurity.
• 10+ years of recent and direct experience with security operations in threat hunting activities
• 10+ years of recent and direct experience with penetration testing and vulnerability assessments
• Comfortable using Scripting Languages preferred (must be able to read/modify scripts in Python, Ruby, Lua/NSE, PowerShell scripting languages)
• Experience creating Rules of Engagement, Policy development, TTPs, CONOPs
• Experience working with the IR/SOC team in an as needed support role during investigations
• Active DoD 8570 IAT Level I or greater, and at least one the following certifications in good standing: OSCP, OSCE, OSWA, OSWE, GPEN, GXPN, GWAPT
• Experience conducting scenario-based and functional security testing during authenticated and unauthenticated testing.
• Deep understanding of network protocols, configurations, security technologies, and security practices, including network security, operating system hardening, database security, and web application security for both local (on-premises) and cloud computing solutions.
• Deep understanding of common vulnerabilities and attack vectors, including experience identifying and exploiting vulnerabilities in operating systems (e.g., Windows, Linux, and macOS), network devices (e.g., firewalls, routers, and switches) and web applications and application program interfaces (e.g., SQL injection, cross-site scripting and cross-site request forgery).
• Significant hands-on experience leveraging commercial and open-source tools for scanning and security testing (e.g., Nmap, Nessus, Kali Linux, Cobalt Strike, Virtualization, Burp Suite, etc.)
• Active DoD Top Secret clearance

Preferred

• Experience in Red and Purple team testing methodologies a plus
• Knowledge of the MITRE ATT&CK and D3FEND frameworks a plus
• Experience emulating specific ATPs a plus

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), national origin, disability, veteran status, age, genetic information, or other legally protected status.