We are looking for a motivated Pentester to join our Red Team. To be successful in this role, the individual should possess a deep understanding of both information security and computer science. They should be able to understand basic concepts such as networking, applications, and operating system functionality, as well as be able to adapt and learn advanced concepts such as exploit development. You will be expected to quickly assimilate new information, as you will face new client environments on a daily basis. The ideal candidate thrives in a fast-paced environment and continuously implements new knowledge and skills.
- Perform network penetration, web and mobile application testing, source code reviews, threat analysis, wireless network assessments, and social-engineering assessments.
- Assist in developing comprehensive and accurate reports for both technical and executive audiences.
- Consult with customers on how to improve their security posture.
- Effectively communicate findings and strategy to client stakeholders.
- Recognize and safely utilize attacker tools, tactics, and procedures.
- Occasionally will be involved in client Incident Response activities if/when a client experiences a cybersecurity incident.
- Participate in phishing test campaigns.
- Minimum 2 years of hands-on technical cybersecurity experience performing pentests as a primary task.
- Pentesting on network, cloud, server and containers, Active Directory, Microsoft 365, web, API, and mobile.
- Knowledge of Windows, Unix, TCP/IP, IDS/IPS, and web content filtering.
- Experience with basic scripting languages including bash and/or PowerShell.
- Demonstrated ability to:
- Adhere to the highest standards of honesty and integrity.
- Think critically about complex problems and situations.
- Have a passion for researching emerging vulnerabilities and threats from within the context of organizational risk and business impact.
- Exploiting and chaining vulnerabilities to maximize their impact.
- Know how hackers exploit the human element to gain unauthorized access to secure systems.
- Develop novel attack vectors based on newly discovered vulnerabilities.
- Understand how computer security breaches can disrupt business, including the financial and managerial implications.
- Apply industry standards, TTPs and best practices such as the Penetration Testing Execution Standard (PTES) and the Mitre ATT&CK Framework.
- Go beyond automated and “push-button” attack tools and utilities.