Core4ce
Penetration Tester (Red Team)
Core4ce, North Charleston, South Carolina, United States, 29405
Job Description
As a Penetration Tester specialized in Red Teaming, joining our team means you will play a pivotal role in ensuring our customers' networks and underlying data is secure. Your expertise will enhance the support we provide to a wide variety of entities, including commercial enterprises and government organizations. Join us and be at the forefront of securing the data our customers rely on, while enjoying a dynamic and collaborative work culture that values innovation, growth, and teamwork.
This position operates with minimal government lead supervision supporting the Department of Defense (Navy). Our company also does commercial work outside of the DoD which occasional pull teams members based on interest and skillsets:
Experience in participating in multi week red team security assessments or continuous operationsDesign and execute complex adversary simulations using cloud infrastructure, redirectors, and social engineering techniques. Identify and deploy attack vectors, including phishing campaigns and multi-stage attacks, leveraging cloud-based resources and redirectors to emulate real-world threat actors and evaluate the organization's defense mechanisms and/or capture security metricsPerforms vulnerability analysis and exploitation of applications, operating systems or networks with a focus in building attack chains that have direct business impactConduct in-depth analysis to identify and evaluate vulnerabilities and weaknesses within company systemsDevises tests and scenarios for various penetration tests and Red Team activities. These will be tailored to whichever client is being supported on engagements and focus on most likely adversary TTPs, crown jewels, and potential security gaps in the client's defenseDocuments results and communicates them to engineers and managementProvides recommendations for new technologies and system designs according to test resultsDevelops automated testing programs where possibleUtilizes Red and Purple team assessment methodologies and adds to the methodologies as appropriateThis position could require significant travel to client sites
Requirements
Bachelor's degree in related field or5+ years of relevant experience ininformation technology orcybersecurity.Deep understanding of network protocols, configurations, security technologies, and security practices, including network security, operating system hardening, database security, and web application security for both local (on-premises) and cloud computing solutions.Deep understanding of common vulnerabilities and attack vectors, including experience identifying and exploiting vulnerabilities in operating systems (e.g., Windows, Linux, and macOS), network devices (e.g., firewalls, routers, and switches) and web applications and application program interfaces (e.g., SQL injection, cross-site scripting and cross-site request forgery).Leverage commercial and open-source tools for scanning and security testing (e.g., Nmap, Nessus, Kali Linux, Cobalt Strike, Virtualization, Burp Suite, etc.)Active DoD 8570 IAT Level I or greater and at least one the following certifications in good standing: OSWA, GWAPT, GXPN, GPEN, OSCP, OSWA, OSWEActive DoD Top Secret clearanceNon attributional infrastructure deployment and automationKnowledge of MITRE ATT&CK or D3FEND frameworks2+ years of recent and direct experience with Red Team security operations4+ years of recent and direct experience with penetration testing and vulnerability assessmentsComfortable using Scripting Languages preferred (must be able to read/modify scripts in Python, Ruby, Lua/NSE, PowerShell scripting languages)Experience emulating specific ATPsFull spectrum red teaming experience a plusRed team knowledge management and mentorship a plus
All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, age, marital status, pregnancy, genetic information, or other legally protected status
As a Penetration Tester specialized in Red Teaming, joining our team means you will play a pivotal role in ensuring our customers' networks and underlying data is secure. Your expertise will enhance the support we provide to a wide variety of entities, including commercial enterprises and government organizations. Join us and be at the forefront of securing the data our customers rely on, while enjoying a dynamic and collaborative work culture that values innovation, growth, and teamwork.
This position operates with minimal government lead supervision supporting the Department of Defense (Navy). Our company also does commercial work outside of the DoD which occasional pull teams members based on interest and skillsets:
Experience in participating in multi week red team security assessments or continuous operationsDesign and execute complex adversary simulations using cloud infrastructure, redirectors, and social engineering techniques. Identify and deploy attack vectors, including phishing campaigns and multi-stage attacks, leveraging cloud-based resources and redirectors to emulate real-world threat actors and evaluate the organization's defense mechanisms and/or capture security metricsPerforms vulnerability analysis and exploitation of applications, operating systems or networks with a focus in building attack chains that have direct business impactConduct in-depth analysis to identify and evaluate vulnerabilities and weaknesses within company systemsDevises tests and scenarios for various penetration tests and Red Team activities. These will be tailored to whichever client is being supported on engagements and focus on most likely adversary TTPs, crown jewels, and potential security gaps in the client's defenseDocuments results and communicates them to engineers and managementProvides recommendations for new technologies and system designs according to test resultsDevelops automated testing programs where possibleUtilizes Red and Purple team assessment methodologies and adds to the methodologies as appropriateThis position could require significant travel to client sites
Requirements
Bachelor's degree in related field or5+ years of relevant experience ininformation technology orcybersecurity.Deep understanding of network protocols, configurations, security technologies, and security practices, including network security, operating system hardening, database security, and web application security for both local (on-premises) and cloud computing solutions.Deep understanding of common vulnerabilities and attack vectors, including experience identifying and exploiting vulnerabilities in operating systems (e.g., Windows, Linux, and macOS), network devices (e.g., firewalls, routers, and switches) and web applications and application program interfaces (e.g., SQL injection, cross-site scripting and cross-site request forgery).Leverage commercial and open-source tools for scanning and security testing (e.g., Nmap, Nessus, Kali Linux, Cobalt Strike, Virtualization, Burp Suite, etc.)Active DoD 8570 IAT Level I or greater and at least one the following certifications in good standing: OSWA, GWAPT, GXPN, GPEN, OSCP, OSWA, OSWEActive DoD Top Secret clearanceNon attributional infrastructure deployment and automationKnowledge of MITRE ATT&CK or D3FEND frameworks2+ years of recent and direct experience with Red Team security operations4+ years of recent and direct experience with penetration testing and vulnerability assessmentsComfortable using Scripting Languages preferred (must be able to read/modify scripts in Python, Ruby, Lua/NSE, PowerShell scripting languages)Experience emulating specific ATPsFull spectrum red teaming experience a plusRed team knowledge management and mentorship a plus
All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, age, marital status, pregnancy, genetic information, or other legally protected status