Senior Penetration Tester (Red Team)

Location: Washington, DC
Date Posted: 05-14-2018
The Penetration Tester will have experience performing hands-on penetration testing, security test planning, and vulnerability analysis; focusing on automated and manual exploitation of applications, networks, and system level designs and implementations. This position requires a strong ethical hacking mindset with proven professional experience in assessing diverse network and system architectures in a comprehensive manner.  The successful candidate will enjoy working in a dynamic, responsive, and collaborative environment and be dedicated to the success of customers.  Experience and detailed technical knowledge in information security engineering, secure architecture development, system and network security, authentication and security protocols, applied cryptography, and application security is essential. Must have the ability to communicate with and distill information from technical resources during formal and informal meetings. Must be able to work both independently and as a part of team testing efforts.

Required Skills/Qualifications:
  • Knowledge of vulnerability management and scanning best practices. This should include knowledge of the CVE database and the CVS System used for scoring vulnerabilities.
  • Experience with Unix (preferably Red Hat) administration skills.
  • The individual should be comfortable with all forms of daily server administration.
  • Experience with Windows server administration.
  • Knowledge and experience in basic web application configuration in particular experience with the Linux, Apache, MySQL, PHP (LAMP) stack.
  • Knowledge of and experience in performing application assessments.
Desired Skills:
  • Overall 3+ years of Information Security experience.
  • At least 1 year experience performing application security assessments.
  • 2+ years Red Team experience.
  • Offensive pen testing experience.
  • Knowledge of the Windows and *NIX operating systems to include boot process through understanding of the execution flow of boot time processes.
  • Knowledge of software exploitation (web, client-server, mobile, and wireless) on modern operating systems.
  • Familiarization with XSS, SSJS, filter bypassing, SQL Injection, etc.
  • Familiarity with interpreting log output from networking devices, operating systems and infrastructure services.
  • Familiarity with common reconnaissance, exploitation, and post exploitation frameworks.
Minimum Education and Certifications
  • Bachelor’s degree highly desirable.
  • The following certifications (more than one is preferred): Lunarline, Inc. School of Cybersecurity “Certified Expert” certifications and OSCP.
Place of Performance:
  • Onsite in Washington, DC

Lunarline is an equal opportunity employer. It is the policy of Lunarline that all employees and applicants for employment will be treated in all respects on the basis of their merit and qualifications and without regard to their race, color, national origin, age, disability, sexual orientation, religion, gender identity, military status, marital status or ancestry.

In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification form upon hire. Lunarline participates in the E-Verify program. Therefore, any employment with Lunarline will also be contingent upon confirmation from the Social Security Administration ("SSA") and/or the Department of Homeland Security ("DHS") of your authorization to work in the United States. 
The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified. All personnel may be required to perform duties outside of their normal responsibilities from time to time, as needed.
this job portal is powered by CATS