TELOPHASE
Senior Penetration Tester (REMOTE)
TELOPHASE, Arlington, Virginia, United States, 22201
Location:
Fully Remote
Job Description :
Performs the daily operation and execution of offensive security-related tools, processes and controls related to offensive cyber initiatives. Performs a variety of ethical hacking activities against the technical security controls and systems. Serves as technical and function SME across multiple security domain areas, raising awareness and communicating security risks.
Responsibilities:Conduct active offensive and/or adversarial operationsDevelop custom tooling in support of Red Team operationsDevelop in-depth findings reportsDocument the impact and severity of attack chains to be presented to the lines of businessAct as a subject matter expert to convey technical details on attacks to the blue teamsConduct internal and external penetration testing of networks, web applications, databases, and cloud servicesManually exploit and compromise networks, web applications, databases, and cloud services to include privilege escalation and lateral movementWrite final reports, defend all findings to include the risk or vulnerability, mitigation strategies, and referencesAbility to meet and coordinate with various audiences to include developers, system administrators, project managers, and senior government stakeholdersProvide security recommendations for developers, system administrators, project managers, and senior government stakeholdersProduce actionable, threat-based reports on security testing resultsQualifications
Bachelor's degree or equivalent work experienceAt least 7-10 years of experience with security testing processes, tools, techniques and practices for assuring adherence to standards associated with accessing, altering and protecting organizational dataPossesses certifications in one or more of the following Global Information Assurance Certification (GIAC), Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP), Offensive Security Certified Expert (OSCE), Offensive Security Exploitation Expert (OSEE), Offensive Security Web Expert (OSWE), or ZeroPointSecurity (CRTO)Highly Preferred Skills/Experience:
Previous Red Team experience or expertise in Red Team operations/assessmentsExperience in writing proof-of-concept exploits and creating custom payloads and modules for common (post)exploitation frameworks and toolsWell versed with security tools & C2 frameworks such as Cobalt Strike, Metasploit, Mythic, Sliver etc.Proficiency in defeating endpoint security and controls (A/V, EDR, XDR, etc.) in support of Red Team operationsProficiency in one or more coding/scripting language. (E.g., Perl, Python, PowerShell, Shell Scripting, C/C#/C++, golang, etc.)Knowledge and experience with web-based application attacksWorking knowledge of IT systems management including change control, software process improvement, and technical writing/documentationWorking knowledge of information security architecture, security technologies, administration, audits, and network and internet securityWorking proficiency of various offensive security toolsStrong verbal and written communication skillsSignificant experience identifying security vulnerabilities for the company's networks, application systems, hardware infrastructure and emerging technologies to improve the enterprise information security postureStrong ability to create proof of concepts from discovered potential vulnerabilitiesAbility to manage complex security scenarios and develop innovative solutions to address the most recent cyber threats
Fully Remote
Job Description :
Performs the daily operation and execution of offensive security-related tools, processes and controls related to offensive cyber initiatives. Performs a variety of ethical hacking activities against the technical security controls and systems. Serves as technical and function SME across multiple security domain areas, raising awareness and communicating security risks.
Responsibilities:Conduct active offensive and/or adversarial operationsDevelop custom tooling in support of Red Team operationsDevelop in-depth findings reportsDocument the impact and severity of attack chains to be presented to the lines of businessAct as a subject matter expert to convey technical details on attacks to the blue teamsConduct internal and external penetration testing of networks, web applications, databases, and cloud servicesManually exploit and compromise networks, web applications, databases, and cloud services to include privilege escalation and lateral movementWrite final reports, defend all findings to include the risk or vulnerability, mitigation strategies, and referencesAbility to meet and coordinate with various audiences to include developers, system administrators, project managers, and senior government stakeholdersProvide security recommendations for developers, system administrators, project managers, and senior government stakeholdersProduce actionable, threat-based reports on security testing resultsQualifications
Bachelor's degree or equivalent work experienceAt least 7-10 years of experience with security testing processes, tools, techniques and practices for assuring adherence to standards associated with accessing, altering and protecting organizational dataPossesses certifications in one or more of the following Global Information Assurance Certification (GIAC), Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP), Offensive Security Certified Expert (OSCE), Offensive Security Exploitation Expert (OSEE), Offensive Security Web Expert (OSWE), or ZeroPointSecurity (CRTO)Highly Preferred Skills/Experience:
Previous Red Team experience or expertise in Red Team operations/assessmentsExperience in writing proof-of-concept exploits and creating custom payloads and modules for common (post)exploitation frameworks and toolsWell versed with security tools & C2 frameworks such as Cobalt Strike, Metasploit, Mythic, Sliver etc.Proficiency in defeating endpoint security and controls (A/V, EDR, XDR, etc.) in support of Red Team operationsProficiency in one or more coding/scripting language. (E.g., Perl, Python, PowerShell, Shell Scripting, C/C#/C++, golang, etc.)Knowledge and experience with web-based application attacksWorking knowledge of IT systems management including change control, software process improvement, and technical writing/documentationWorking knowledge of information security architecture, security technologies, administration, audits, and network and internet securityWorking proficiency of various offensive security toolsStrong verbal and written communication skillsSignificant experience identifying security vulnerabilities for the company's networks, application systems, hardware infrastructure and emerging technologies to improve the enterprise information security postureStrong ability to create proof of concepts from discovered potential vulnerabilitiesAbility to manage complex security scenarios and develop innovative solutions to address the most recent cyber threats