We have successfully partnered finding technical talent for one of our most forward thinking engineering partners. Their company is focused on using their their size and talent to create nimble and unique solutions in Software Engineering, Cyber Security, Modeling & Simulation, Data Science & Analytics, Machine Learning, Energy, and Power Systems.
Responsibilities:
Exploit at scale while remaining stealthy, identify and exploit mis-configurations in network infrastructure, parse various types of output data, present relevant data in a digestible manner, think well outside the box, or are astute enough to quickly learn these skills, then you're the type of cyber security
Quickly assimilate new information as you will face new client environments on a weekly or monthly basis
Serve as a technical lead for complex engagements
Develop and mentor junior staff
Perform network penetration, web and mobile application testing, source code reviews, threat analysis, wireless network assessments, and social-engineering assessments
Develop comprehensive and accurate reports and presentations for both technical and executive audiences
Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
Recognize and safely utilize attacker tools, tactics, and procedures
Develop scripts, tools, or methodologies to enhance QRI's cyber security processes
Assist with scoping prospective engagements, leading engagements from kickoff through remediation, and mentoring less experienced staff
Qualifications:
understand all the threat vectors to each environment and properly assess them
7 plus years' experience in at least three of the following:
Network penetration testing and manipulation of network infrastructure
Mobile and/or web application assessments
Email, phone, or physical social-engineering assessments
Shell scripting or automation of simple tasks using Perl, Python, or Ruby
Developing, extending, or modifying exploits, shellcode or exploit tools
Developing applications in C#, ASP, .NET, ObjectiveC, Go, or Java (J2EE)
Reverse engineering malware, data obfuscators, or ciphers
Source code review for control flow and security flaws
Strong knowledge of tools used for wireless, web application, and network security testing
Thorough understanding of network protocols, data on the wire, and covert channels
Thorough understanding of Active Directory
Mastery of Unix/Linux/Mac/Windows operating systems, including bash and Powershell
Must possess a deep understanding of both information security and computer science
Understand basic concepts such as networking, applications, and operating system functionality and be able to learn advanced concepts such as application manipulation, exploit development, and stealthy operation