Job Description:
Core4cePenetration Tester
569-383
This position operates with minimal government lead supervision supporting the Department of Defense (Navy). Our company also does commercial work outside of the DoD which occasional pull teams members based on interest and skillsets
Responsibilities
-
Conduct internal and external security testing, mimicking real-world attack techniques to identify vulnerable systems or opportunities for circumventing security defenses
-
Performs vulnerability analysis and exploitation of applications, operating systems or networks.
-
Develop custom exploits and/or design security tests to emulate threats and demonstrate the potential vulnerabilities within network
-
Devises tests and scenarios for various penetration tests and collaborative purple team exercises
-
Identify potential flaws and vulnerabilities in external and internal systems, demonstrate how those weaknesses could be exploited, and support the development of countermeasures to reduce or mitigate risk
-
Develop comprehensive reports and presentations for both technical and executive audiences, tailor the content to meet the audiences where they are, and design the messaging to help mitigate risks and identify defensive options
-
Perform application analysis, reverse engineering, or malware analysis as needed, to include the use of an offline workstation to analyze the functions of raw code to identify its functionality and develop defenses tailored to the customer
-
This position could require significant travel to client sites
Requirements
- Active DoD Top Secret clearance
- Active DoD 8570 IAT Level I or greater, and at least one the following certifications in good standing: OSCP, OSCE, OSWA, OSWE, GPEN, GXPN, GWAPT
- 7+ years of recent and direct experience with security operations in threat hunting activities
- 7+ years of recent and direct experience with penetration testing and vulnerability assessments
- Experience conducting scenario-based and functional security testing during authenticated and unauthenticated testing.
- Deep understanding of network protocols, configurations, security technologies, and security practices, including network security, operating system hardening, database security, and web application security for both local (on-premises) and cloud computing solutions.
- Deep understanding of common vulnerabilities and attack vectors, including experience identifying and exploiting vulnerabilities in operating systems (e.g., Windows, Linux, and macOS), network devices (e.g., firewalls, routers, and switches) and web applications and application program interfaces (e.g., SQL injection, cross-site scripting and cross-site request forgery).
- Significant hands-on experience leveraging commercial and open-source tools for scanning and security testing (e.g., Nmap, Nessus, Kali Linux, Cobalt Strike, Virtualization, Burp Suite, etc.)
- Comfortable using Scripting Languages preferred (must be able to read/modify scripts in Python, Ruby, Lua/NSE, PowerShell scripting languages)
- Experience creating Rules of Engagement, Policy development, TTPs, CONOPs
- Experience working with the IR/SOC team in an as needed support role during investigations
- Experience in Red and Purple team testing methodologies a plus
- Knowledge of the MITRE ATT&CK and D3FEND frameworks a plus
- Experience emulating specific ATPs a plus
All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, age, marital status, pregnancy, genetic information, or other legally protected status
North Charleston, South Carolina, United States
Full-Time/Regular
PI249779864
More jobs in NORTH CHARLESTON, South Carolina
|
Intuit |
|
Intuit |
|
Intuit |