You must have an OSCP or HackTheBox Certification
100% Remote
Salary Range: $75-135k plus bonuses, varies depending on your skill level
You will be asked to complete a set of pre-interview questions in order to move forward with a formal interview.
About Us
We are a different type of information security company. We were founded by a small group of experienced information security engineers and are still run by the same team today. Our company culture is deeply anchored in experience, creativity, and talent. Unlike many of our competitors, we've spent decades in the trenches of IT security, not 50,000 feet up in the clouds.
We've been key players at some of the largest IT security organizations and led some of the best corporate information security teams for enterprise organizations. We not only designed next-level information security solutions, but we also built them and were responsible for the day-to-day environment. Most importantly, we've walked in our customers’ shoes, and we understand.
When you engage us as a trusted information security partner, you gain access to our full range of consulting services. We leverage our experience, knowledge, and contacts to make our clients successful.
Recruiting for the following levels:
Junior - $75-90k
Mid - $90-135k
The primary role of this Penetration Tester is to perform multidisciplinary assessment services as needed. Examples include Application Security Assessments against web apps, mobile apps, web services, and fat-client applications. Proficiency in delivering Network Vulnerability and Penetration Assessments both externally and internally against wired and wireless targets is also required. Penetration Testers can assess external, internal, wired, and wireless networks. Social engineering assessments, both phishing-based and physical, may also be required occasionally. Must demonstrate the highest skill levels and help set acceptable assessment standards for the Company.
Duties
Deliver Application Security Assessments against web apps, mobile apps, web services, and fat-clients
Deliver External, Internal, and Wireless Vulnerability and Penetration Assessments
Deliver highly targeted and specialized Red Team engagements
Deliver phishing-based and physical Social Engineering Assessments
Communicate with customers in a friendly manner, quickly and clearly, and with great accuracy during:
Kickoff and scoping calls
Assessment status updates and ongoing project communication
Mentor Security Consultants and assist in their efforts to develop areas of expertise
Demonstrate the highest level of offensive skills, pre- and post-exploitation
Demonstrate excellent writing skills both during email correspondence and report creation
Prioritize findings based on perceived risk, using existing knowledge of clients’ business to ascertain finding severity
Lead by example in behavior, work ethic, and punctuality
Interpret and obey any applicable customer testing restrictions based on scope and kickoff calls
Utilize non-billable time to work on company-directed internal projects
Contribute to company methodology and vulnerability repositories
Contribute to company blog and to company image via speaking engagements
Requirements
Full-time assessment experience with networks and applications
Possess longer-term, multi-disciplinary, expert-level IT skills including sysadmin, infrastructure, net-engineering, software development, and security-engineer experience
Applicants with common industry certifications such as OSCP, OSCE, SANS, CREST, etc. will be preferred.
Demonstrates knowledge of all classes of vulnerabilities and exploits
Possess more blue-team knowledge than junior peers
Should have numerous public vulns/exploits to name
Identifies and discloses vulnerabilities in public software on an ongoing basis
Writes exploits from scratch if necessary
BurpSuite Expert
Ability to write BurpSuite Extender plugins
Ability to configure working login macros
Use Repeater and Intruder to manually find flaws.
Use Scanner in an appropriate manner to automatically find flaws.
Quickly eliminate false positives based on intuition and response content
Burp Extender contributor
Github
Scripting skills: Whatever gets the job done (php/perl/python/bash/etc)