Location: Fully Remote Job Description : Performs the daily operation and execution of offensive security-related tools, processes and controls related to offensive cyber initiatives. Performs a variety of ethical hacking activities against the technical security controls and systems. Serves as technical and function SME across multiple security domain areas, raising awareness and communicating security risks. Responsibilities: Conduct active offensive and/or adversarial operations Develop custom tooling in support of Red Team operations Develop in-depth findings reports Document the impact and severity of attack chains to be presented to the lines of business Act as a subject matter expert to convey technical details on attacks to the blue teams Conduct internal and external penetration testing of networks, web applications, databases, and cloud services Manually exploit and compromise networks, web applications, databases, and cloud services to include privilege escalation and lateral movement Write final reports, defend all findings to include the risk or vulnerability, mitigation strategies, and references Ability to meet and coordinate with various audiences to include developers, system administrators, project managers, and senior government stakeholders Provide security recommendations for developers, system administrators, project managers, and senior government stakeholders Produce actionable, threat-based reports on security testing results Qualifications Bachelor’s degree or equivalent work experience At least 7-10 years of experience with security testing processes, tools, techniques and practices for assuring adherence to standards associated with accessing, altering and protecting organizational data Possesses certifications in one or more of the following Global Information Assurance Certification (GIAC), Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP), Offensive Security Certified Expert (OSCE), Offensive Security Exploitation Expert (OSEE), Offensive Security Web Expert (OSWE), or ZeroPointSecurity (CRTO) Highly Preferred Skills/Experience: Previous Red Team experience or expertise in Red Team operations/assessments Experience in writing proof-of-concept exploits and creating custom payloads and modules for common (post)exploitation frameworks and tools Well versed with security tools & C2 frameworks such as Cobalt Strike, Metasploit, Mythic, Sliver etc. Proficiency in defeating endpoint security and controls (A/V, EDR, XDR, etc.) in support of Red Team operations Proficiency in one or more coding/scripting language. (E.g., Perl, Python, PowerShell, Shell Scripting, C/C#/C++, golang, etc.) Knowledge and experience with web-based application attacks Working knowledge of IT systems management including change control, software process improvement, and technical writing/documentation Working knowledge of information security architecture, security technologies, administration, audits, and network and internet security Working proficiency of various offensive security tools Strong verbal and written communication skills Significant experience identifying security vulnerabilities for the company’s networks, application systems, hardware infrastructure and emerging technologies to improve the enterprise information security posture Strong ability to create proof of concepts from discovered potential vulnerabilities Ability to manage complex security scenarios and develop innovative solutions to address the most recent cyber threats
Go Verbal communication shell Python powershell network-security Databases cloud-platforms security-testing web-applications Perl scripting metasploit OffSec Certified Professional (OSCP) penetration-testing Written communication skills GIAC networking technologies Software Developer