Job Description:
Core4ce

Penetration Tester (Red Team)
571-383

As a Penetration Tester specialized in Red Teaming, joining our team means you will play a pivotal role in ensuring our customers' networks and underlying data is secure. Your expertise will enhance the support we provide to a wide variety of entities, including commercial enterprises and government organizations. Join us and be at the forefront of securing the data our customers rely on, while enjoying a dynamic and collaborative work culture that values innovation, growth, and teamwork.

This position operates with minimal government lead supervision supporting the Department of Defense (Navy). Our company also does commercial work outside of the DoD which occasional pull teams members based on interest and skillsets:

• Experience in participating in multi week red team security assessments or continuous operations

• Design and execute complex adversary simulations using cloud infrastructure, redirectors, and social engineering techniques. Identify and deploy attack vectors, including phishing campaigns and multi-stage attacks, leveraging cloud-based resources and redirectors to emulate real-world threat actors and evaluate the organization's defense mechanisms and/or capture security metrics

• Performs vulnerability analysis and exploitation of applications, operating systems or networks with a focus in building attack chains that have direct business impact

• Conduct in-depth analysis to identify and evaluate vulnerabilities and weaknesses within company systems

• Devises tests and scenarios for various penetration tests and Red Team activities. These will be tailored to whichever client is being supported on engagements and focus on most likely adversary TTPs, crown jewels, and potential security gaps in the client’s defense

• Documents results and communicates them to engineers and management

• Provides recommendations for new technologies and system designs according to test results

• Develops automated testing programs where possible

• Utilizes Red and Purple team assessment methodologies and adds to the methodologies as appropriate

• This position could require significant travel to client sites

Requirements

• Bachelor’s degree in related field or 5+ years of relevant experience in information technology or cybersecurity. 

• Deep understanding of network protocols, configurations, security technologies, and security practices, including network security, operating system hardening, database security, and web application security for both local (on-premises) and cloud computing solutions.

• Deep understanding of common vulnerabilities and attack vectors, including experience identifying and exploiting vulnerabilities in operating systems (e.g., Windows, Linux, and macOS), network devices (e.g., firewalls, routers, and switches) and web applications and application program interfaces (e.g., SQL injection, cross-site scripting and cross-site request forgery).

• Leverage commercial and open-source tools for scanning and security testing (e.g., Nmap, Nessus, Kali Linux, Cobalt Strike, Virtualization, Burp Suite, etc.)

• Active DoD 8570 IAT Level I or greater and at least one the following certifications in good standing: OSWA, GWAPT, GXPN, GPEN, OSCP, OSWA, OSWE

• Active DoD Top Secret clearance

• Non attributional infrastructure deployment and automation
• Knowledge of MITRE ATT&CK or D3FEND frameworks
• 2+ years of recent and direct experience with Red Team security operations

• 4+ years of recent and direct experience with penetration testing and vulnerability assessments

• Comfortable using Scripting Languages preferred (must be able to read/modify scripts in Python, Ruby, Lua/NSE, PowerShell scripting languages)

• Experience emulating specific ATPs

• Full spectrum red teaming experience a plus

• Red team knowledge management and mentorship a plus

All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, age, marital status, pregnancy, genetic information, or other legally protected status

North Charleston, South Carolina, United States

Full-Time/Regular

PI249779823

Apply Now