Responsibilities:
Salary Range: $89,000-112,000
Position Summary:
Position responsibilities may include, but are not limited to:
- Supporting offensive security testing as well as DAST/SAST/SCA on company networks, systems, and applications to identify vulnerabilities and weaknesses
- Providing detailed reports and analysis of Red Team activities to stakeholders and leadership, including recommendations for mitigating identified risks
- Developing, documenting, and administering the entire penetration testing lifecycle during engagements
- Engaging in purple team exercises alongside Senior Red Teamers and Blue Teamers to build and enhance threat hunting and incident response capabilities
- Collaborating with internal stakeholders and external vendors to drive remediation of security vulnerabilities discovered via penetration testing and/or Red Teaming
- Assisting Sr. Red Teamers with threat modeling services for security exceptions and architecture reviews
- Providing subject matter expertise on the remediation of discovered vulnerabilities and gaps in security response
- Participating in external attack surface monitoring as well as continuous development of Cyber Threat Intelligence (CTI) capabilities
- Staying up to date with the latest trends, threats, and vulnerabilities in the cybersecurity landscape
- Other projects or duties as assigned
- Bachelor's degree in Information Security or related field and/or 2+ years of experience in Information Technology and/or Security
- Experience with network and application security testing tools such as Kali Linux, Nessus, Metasploit, Burp Suite, and Nmap
- Knowledge of common application and network protocols such as TCP/IP, DNS, HTTP, and HTTPS
- Experience with the MITRE ATT&CK framework and adversary tactics, techniques, and procedures (TTPs)
- Basic understanding of cybersecurity principles, standards, best practices and frameworks such as NIST, ISO, and CIS
- Familiarity with Information Security risk ranking scales and derivation
- Excellent verbal and written communication skills
- Travel as needed for role, including divisional / team meetings and other in-person meetings
- Hack the Box rank “Hacker” or higher
- CISSP, CEH, OSCP, GWAPT, GPEN, or other penetration testing and security-related certifications are highly desired
- Experience testing solutions deployed in a public cloud environment (IaaS, PaaS, SaaS)