Get more qualified candidates and reduce your costs with our guaranteed recruiting solutions

Talk to an expert today

CLOSED - 2544 - Penetration Tester

Laurel, Maryland
Secret

OVERVIEW:

Work as a Product Vulnerability Researcher for a complex security platform to identify flaws in hardware and software. Utilize the latest techniques in vulnerability/exploit research for analyzing the security of applications and services, discovering and addressing security issues, building security automation, and decisively taking action to mitigate emerging threats throughout a full secure development life cycle (SDLC). Help design security controls and validate that our services, applications, and emerging technologies are designed and implemented to the highest security standards.

REQUIRED QUALIFICATIONS:

  • 5+ years of experience developing security tools and penetration testing scripts
  • 5+ years of experience performing application and infrastructure penetration testing to discover and exploit vulnerabilities
  • Experience with modern exploitation techniques, exploit mitigation techniques, and software protections or binary armoring
  • Experience with software development and testing in Python, Java, JavaScript, C/C++, or ASM
  • Knowledge of OS Internals
  • Knowledge of the system engineering life cycle, including security architecture, software security, intrusion detection, and defensive countermeasures
  • Ability to develop detailed technical documentation describing identified vulnerabilities, associated impact as well as recommendations
  • HS diploma or GED
  • Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information

DESIRED QUALIFICATIONS:

  • Experience with offensive security research & development and maintaining both an on-premise and cloud-hosted attack lab environment
  • Knowledge of Red Team concepts and adversarial tradecraft against physical and software defined networking, operating systems, web applications, databases, and modern container orchestration frameworks
  • Knowledge of the Penetration Testing Execution Standard (PTES)
  • Knowledge of MITRE ATT&CK Framework and its application
  • Knowledge of Linux/Red Hat preferred
  • Knowledge of IT concepts, including Active Directory, TCP/IP, 802.11x, IPSEC, HTTPS, ICAM, Cryptography, and Cloud
  • Ability to develop custom tools and tradecraft to automate tasks
  • Ability to communicate upwards and to peers and presenting technical subjects to non-technical audiences
  • TS/SCI clearance with a polygraph
  • OSCP, OSWP, OSEP, OSCE, OSWA, or OSWE Certification

CLEARANCE:

  • Secret minimum