Title: Red Team Penetration Tester
Location: On Client site in Washington, DC
The Penetration Tester will have experience performing hands-on penetration testing, security test planning, and vulnerability analysis; focusing on automated and manual exploitation of applications, networks, and system level designs and implementations. This position requires a strong ethical hacking mindset with proven professional experience in assessing diverse network and system architectures in a comprehensive manner. The successful candidate will enjoy working in a dynamic, responsive, and collaborative environment and be dedicated to the success of customers. Experience and detailed technical knowledge in information security engineering, secure architecture development, system and network security, authentication and security protocols, applied cryptography, and application security is essential. Must have the ability to communicate with and distill information from technical resources during formal and informal meetings. Must be able to work both independently and as a part of team testing efforts.
Skills and Qualifications:
- Overall 3+ years of Information Security experience.
- At least 1 year of experience performing application security assessments.
- 2+ years Red Team experience.
- Knowledge of vulnerability management and scanning best practices such as CVE database and the CVS System used for scoring vulnerabilities.
- Experience with Unix (preferably Red Hat) administration skills.
- Working understanding of all forms of daily server administration.
- Experience with Windows server administration.
- Knowledge and experience in basic web application configuration in particular experience with the Linux, Apache, MySQL, PHP (LAMP) stack.
- Knowledge of and experience in performing application assessments.
- Working understanding of OWASP Top 10 vulnerabilities, how they are exploited, and a notion of how to they are fixed.
- A good understanding of Linux.
- An understanding of local Linux OS flaws and how to leverage them to increase privilege
- Familiarity with security focused distributions.
- Offensive pen testing experience.
- Knowledge of the Windows and *NIX operating systems to include boot process through understanding of the execution flow of boot time processes.
- Knowledge of software exploitation (web, client-server, mobile, and wireless) on modern operating systems.
- Familiarization with XSS, SSJS, filter bypassing, SQL Injection, etc.
- Familiarity with interpreting log output from networking devices, operating systems and infrastructure services.
- Familiarity with common reconnaissance, exploitation, and post exploitation frameworks.
- A good understanding of Penetration testing methodology (recon [active & passive], vulnerability analysis, exploitation, lateral movement, and reporting).
- Working familiarity with the following tools:
- Cobalt Strike.
- Experience with obtaining access through spear phishing, HID exploitation, rogue access points, etc.
- Background in scripting.
- Bachelor’s degree highly desirable.
- The following certifications (more than one is preferred): Lunarline, Inc. School of Cybersecurity “Certified Expert” certifications and OSCP.