Senior Penetration Tester

aux partners • United States
Remote
AI Summary

We are seeking a highly skilled Senior Penetration Tester to perform multidisciplinary assessment services, including Application Security Assessments, Network Vulnerability and Penetration Assessments, and Social Engineering Assessments. The ideal candidate will have expert-level IT skills, including sysadmin, infrastructure, net-engineering, software development, and security-engineer experience. Strong knowledge of vulnerabilities and exploits, as well as experience with BurpSuite, is required.

Key Highlights
Multidisciplinary assessment services
Application Security Assessments
Network Vulnerability and Penetration Assessments
Social Engineering Assessments
Technical Skills Required
BurpSuite, Kali Ninja, Metasploit, Python, PHP, JavaScript, TypeScript, Node.js, React, Vue.js, PostgreSQL, MongoDB, Kubernetes, Docker
Benefits & Perks
$75-135k salary range
100% remote work
Bonus opportunities

Job Description


Penetration Tester


US CITIZENS ONLY; No sponsorship available

*You must have an OSCP or HackTheBox Certification*

100% Remote

Salary Range: $75-135k plus bonuses, varies depending on your skill level

You will be asked to complete a set of pre-interview questions in order to move forward with a formal interview.

______________


About Us

We are a different type of information security company. We were founded by a small group of experienced information security engineers and are still run by the same team today. Our company culture is deeply anchored in experience, creativity, and talent. Unlike many of our competitors, we've spent decades in the trenches of IT security, not 50,000 feet up in the clouds.

We've been key players at some of the largest IT security organizations and led some of the best corporate information security teams for enterprise organizations. We not only designed next-level information security solutions, but we also built them and were responsible for the day-to-day environment. Most importantly, we've walked in our customers’ shoes, and we understand.


When you engage us as a trusted information security partner, you gain access to our full range of consulting services. We leverage our experience, knowledge, and contacts to make our clients successful.


Recruiting for the following levels:

  • Junior - $75-90k
  • Mid - $90-135k


The primary role of this Penetration Tester is to perform multidisciplinary assessment services as needed. Examples include Application Security Assessments against web apps, mobile apps, web services, and fat-client applications. Proficiency in delivering Network Vulnerability and Penetration Assessments both externally and internally against wired and wireless targets is also required. Penetration Testers can assess external, internal, wired, and wireless networks. Social engineering assessments, both phishing-based and physical, may also be required occasionally. Must demonstrate the highest skill levels and help set acceptable assessment standards for the Company.


Duties

  • Deliver Application Security Assessments against web apps, mobile apps, web services, and fat-clients
  • Deliver External, Internal, and Wireless Vulnerability and Penetration Assessments
  • Deliver highly targeted and specialized Red Team engagements
  • Deliver phishing-based and physical Social Engineering Assessments
  • Communicate with customers in a friendly manner, quickly and clearly, and with great accuracy during:
      • Kickoff and scoping calls
      • Assessment status updates and ongoing project communication
      • Report delivery
      • Wrap-up meetings
  • Assist in enhancing various company methodologies
  • Mentor Security Consultants and assist in their efforts to develop areas of expertise
  • Demonstrate the highest level of offensive skills, pre- and post-exploitation
  • Demonstrate excellent writing skills both during email correspondence and report creation
  • Prioritize findings based on perceived risk, using existing knowledge of clients’ business to ascertain finding severity
  • Lead by example in behavior, work ethic, and punctuality
  • Interpret and obey any applicable customer testing restrictions based on scope and kickoff calls
  • Utilize non-billable time to work on company-directed internal projects
  • Contribute to company methodology and vulnerability repositories
  • Contribute to company blog and to company image via speaking engagements


Requirements

  • Full-time assessment experience with networks and applications
  • Possess longer-term, multi-disciplinary, expert-level IT skills including sysadmin, infrastructure, net-engineering, software development, and security-engineer experience
  • Applicants with common industry certifications such as OSCP, OSCE, SANS, CREST, etc. will be preferred.
  • Demonstrates knowledge of all classes of vulnerabilities and exploits
  • Possess more blue-team knowledge than junior peers
  • Should have numerous public vulns/exploits to name
  • Identifies vulnerabilities and discloses on public software on an ongoing basis
  • Writes exploits from scratch if necessary
  • BurpSuite Expert
      • Ability to write BurpSuite Extender plugins
      • Ability to configure working login macros
      • Use Repeater and Intruder to manually find flaws.
      • Use Scanner in an appropriate manner to automatically find flaws.
      • Quickly eliminate false positives based on intuition and response content
      • Burp Extender contributor
  • Github
  • Kali Ninja
  • Metasploit Expert
  • Scripting skills: Whatever gets the job done (php/perl/python/bash/etc)

