We have a tremendous remote opportunity for a Penetration Tester to join a growing team. This hands-on role would involve performing external, internal, and social engineering engagements for our clients.
A qualified candidate will have a passion for offensive security with the ultimate objective of strengthening our clients’ security posture. This role will require the candidate to continually learn, adapt, and advance their tradecraft to remain effective on engagements.
An ideal candidate will have an understanding of, and experience in, most of the phases of a penetration test. These phases include reconnaissance, vulnerability identification, exploitation, privilege escalation, lateral movement, persistence, clean up, and reporting.
- Identify client objectives and plan accordingly
- Perform pre-engagement tasks such as:
  - select/prepare tools
  - build pretexts, payloads, and delivery mechanisms
  - prepare support infrastructure
  - purchase domain name(s)
- Execute phases of testing based on type of engagement, which may include reconnaissance, vulnerability identification, exploitation, privilege escalation, lateral movement, persistence, clean up, and reporting
- Document progression and findings of testing such as methodologies, vulnerabilities, misconfigurations, etc. to later be compiled into a report
- When applicable, review vulnerability scans, and then provide feedback to client and/or internal team
- Interact with client pre-/post-engagement as well as during the engagement if needed
- Have the defensive knowledge to make recommendations that remediate the vulnerabilities and misconfigurations exploited during testing. Understanding of a defense-in-depth strategy and best practices is a must
- Web App Testing
- Tool and/or payload obfuscation for evasion
- Cobalt Strike, Empire, Metasploit, Burp
- 2+ years’ experience in penetration testing
- Hands-on experience with PowerShell, Python, C# a plus
- Strong time management
- Ability to work independently
- Strong technical knowledge with a comfort level working on a wide variety of technologies and implementations
- Experience engaging clientele in consulting-related environments
- Strong understanding of security principles, policies, and industry best practices
- Familiarity with Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), and National Institute of Standards and Technology (NIST) Special Publications
- Applicable certifications: OSCP/E, GWAPT, GPEN, GXPN, and eLearnSecurity
Best of all, you’ll get an opportunity to work with great people, great clients, and make a difference.
Location: Remote (no client travel)
Salary: $100k – $140k + benefits