Primary Responsibilities:

• Assisting customers with penetration testing activities to include threat emulation against traditional network enterprise environments.


• Maintain in-depth technical knowledge of adversarial activity in order to replicate similar tactics, techniques, and procedures (TTPs) during assessments.


• Assess customers security posture through the use of automated tools and manual techniques to identify, verify and exploit security vulnerabilities.


• Use creative approaches and techniques to identify vulnerabilities that are commonly missed in security assessments, and automated tools.

• Trigger vulnerabilities and identify specific, meaningful risks to customers based on business and mission impact to critical infrastructure/network environments.


• Provide detail-oriented technical assistance with remediation and mitigation efforts, often in the form of verbal and/or written communication to the customer.


• Create comprehensive assessment reports that clearly define vulnerability findings and all scoped requirements defined within the rules of engagement.


• Interface with client personnel and trusted agents to gather information, clarify scope and investigate security controls in depth.

Experience:

• Bachelor's Degree and five (5) years of experience performing full scope penetration testing of enterprise systems.


• Experience in a team lead or project management role.


• Some technical Penetration Testing qualification: OSCP / OSCE (Preferred)


• Ability to conduct full scope penetration testing of enterprise systems, including but not limited to: Active Directory (AD) enumeration, exploitation, and escalation of privileges, web application testing for custom flaws, wireless testing, password cracking, phishing and social engineering.


• Knowledge of vulnerability scanning and testing tools (Nmap, Nessus, Burp Suite Professional, Cobalt Strike, Metasploit, EyeWitness, Whatweb, SQLMap, Shodan, Censys.io, and other tools as deemed appropriate for the mission.


• Functional ability to leverage both Windows and Linux Operating Systems (OS).


• Ability to adapt to new Techniques, Tactics, and Procedures (TTPs) associated with realistic threats to improve vulnerability findings.


• Understanding of common attacker TTPs in order to perform threat analysis during assessments.


• Experience troubleshooting and understanding vulnerability scanning, testing tools and manual testing techniques to determine vulnerability findings that are missed.


• Experience with a scripting language to automate tasks (Python, Bash, Perl, etc.)

Education Requirements:

• Cybersecurity, Information Technology, Computer Science, or Related.

Certification Requirements:

• OSCP (Preferred).