Penetration Tester (Red Team)

Location: Washington, DC
Date Posted: 09-11-2018
Title: Red Team Penetration Tester
Location: On Client site in Washington, DC
Salary: DOE
The Penetration Tester will have experience performing hands-on penetration testing, security test planning, and vulnerability analysis; focusing on automated and manual exploitation of applications, networks, and system level designs and implementations. This position requires a strong ethical hacking mindset with proven professional experience in assessing diverse network and system architectures in a comprehensive manner.  The successful candidate will enjoy working in a dynamic, responsive, and collaborative environment and be dedicated to the success of customers.  Experience and detailed technical knowledge in information security engineering, secure architecture development, system and network security, authentication and security protocols, applied cryptography, and application security is essential. Must have the ability to communicate with and distill information from technical resources during formal and informal meetings. Must be able to work both independently and as a part of team testing efforts.

Skills and Qualifications:
  • Overall 3+ years of Information Security experience.
  • At least 1 year of experience performing application security assessments.
  • 2+ years Red Team experience.
  • Knowledge of vulnerability management and scanning best practices, such as the CVE database and the CVSS system used for scoring vulnerabilities.
  • Experience with Unix (preferably Red Hat) administration skills.
  • Working understanding of all forms of daily server administration.
  • Experience with Windows server administration.
  • Knowledge and experience in basic web application configuration, in particular experience with the Linux, Apache, MySQL, PHP (LAMP) stack.
  • Knowledge of and experience in performing application assessments.
  • Working understanding of OWASP Top 10 vulnerabilities, how they are exploited, and a notion of how they are fixed.
  • A good understanding of Linux.
  • An understanding of local Linux OS flaws and how to leverage them to increase privilege.
  • Familiarity with security focused distributions.
  • Offensive pen testing experience.
  • Knowledge of the Windows and *NIX operating systems to include boot process through understanding of the execution flow of boot time processes.
  • Knowledge of software exploitation (web, client-server, mobile, and wireless) on modern operating systems.
  • Familiarity with XSS, SSJS, filter bypassing, SQL Injection, etc.
  • Familiarity with interpreting log output from networking devices, operating systems and infrastructure services.
  • Familiarity with common reconnaissance, exploitation, and post exploitation frameworks.
  • A good understanding of Penetration testing methodology (recon [active & passive], vulnerability analysis, exploitation, lateral movement, and reporting).
  • Working familiarity with the following tools:
    • NMAP.
    • Metasploit.
    • Meterpreter.
    • Cobalt Strike.
  • Experience with obtaining access through spear phishing, HID exploitation, rogue access points, etc.
  • Background in scripting. 

  • Bachelor’s degree highly desirable.

  • The following certifications (more than one is preferred): Lunarline, Inc. School of Cybersecurity “Certified Expert” certifications and OSCP.
Company Benefits
Full affordable health benefits; Short-term and Long-term Disability; Life Insurance and AD&D Insurance paid for by Lunarline; 401(k) retirement plan with employer safe harbor matching - IMMEDIATE VESTING; Tuition and Certification Reimbursements; All federal holidays paid

Lunarline is an equal opportunity employer. It is the policy of Lunarline that all employees and applicants for employment will be treated in all respects on the basis of their merit and qualifications and without regard to their race, color, national origin, age, disability, sexual orientation, religion, gender, military status, marital status or ancestry.
Lunarline participates in the E-Verify program. Therefore, any employment with Lunarline will also be contingent upon confirmation from the Social Security Administration ("SSA") and/or the Department of Homeland Security ("DHS") of your authorization to work in the United States. 
The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified. All personnel may be required to perform duties outside of their normal responsibilities from time to time, as needed.