- Performing both internal and external penetration testing of network infrastructure and applications.
- Performing Red Team assessments including physical, social engineering, and network exploitation.
- Performing well-controlled vulnerability exploitation/penetration testing on applications, network protocols, and databases.
- Demonstrating advanced understanding of business processes, internal control risk management, IT controls, and related standards.
- Effectively communicating findings and strategy to stakeholders, including technical staff and executive leadership.
- Identifying and evaluating complex business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement.
- Participating in regular Purple Team exercises and performing adversary simulations to test defense controls.
- Assisting with scoping prospective engagements, leading engagements from kickoff through remediation.
- Working closely with the Blue Team to test the efficacy of existing alerts and help create new detections.
- Creating findings reports and effectively communicating findings to stakeholders.
- Contributing to enhancing the team's toolkit.
- Writing custom scripts to automate tasks related to finding new vulnerabilities
- Maintaining the playbook to continually improve company penetration testing methodologies and threat modeling.
Required Qualifications:
- 10+ years of experience in Penetration testing, Red Team and Purple Team
- Bachelor of Science in Engineering, Computer Science, Information Technology, or equivalent work experience
- Advanced knowledge in common penetration testing tools (Metasploit, Burp Suite, Cobalt Strike, Empire, KALI Linux etc.)
- Must have a demonstrable understanding of voice and data networks, major operating systems, active directory, cloud technologies
- Must demonstrate knowledge of MITRE s ATT&CK framework, execute and chain TTP s
- Must be able to critically examine an organization and system through the perspective of a threat actor and articulate risk in clear, precise terms.
- Ability to optimally code in a scripting language (Python, Bash, PowerShell, Rust, C, C++, Golang, etc.)
- BA/BS degree in a technical or business field
- USC or GC
Desired Qualifications:
- CRTO, OSCP, other relevant certifications
Job Type: Contract
Salary: From $80.00 per hour
Expected hours: 40 per week
Application Question(s):
- Citizenship status?
- Do you have experience with Performing Red Team assessments including physical, social engineering, and network exploitation?
- Advanced knowledge in common penetration testing tools (Metasploit, Burp Suite, Cobalt Strike, Empire, KALI Linux etc?
- MITRE s ATT&CK framework?
Work Location: Remote