Engineer, Offensive Cybersecurity

Responsibilities (including but not limited to):

• Performing external and internal network vulnerability assessments, penetration tests, and social engineering engagements.
• Creating and conducting technical reviews of various highly detailed cybersecurity testing reports.
• Researching and staying up to date with the latest penetration testing techniques, tools and methodologies.
• Either currently or in the future, perform white box risk assessments and penetration tests of cloud environments (Azure, AWS, GCP)
• Assisting with the development of various scripts, tools, and processes to help automate various pentesting processes.
• Presenting various penetration testing reports to customers and discussing nuanced technical recommendations, with the expectation of leading customer presentations within 3 months.
• Discuss with, collaborate with, and train teammates from the Cybersecurity Red Team around various tools and techniques associated with network penetration testing.
• Managing physical testing appliances (penboxes or security testing appliances). Duties include inventory management, device setup and configuration (scripts have been internally created), and, at times, shipping and receiving.

Skills:

• Critical and creative thinking to strategize how to add value to customer engagements.
• Ability to self-manage time and commitments.
• Strong attention to detail and well-organized.
• Highly motivated to continuously learn and innovate.
• Excellent verbal communication and written communication skills, especially when communicating complex concepts to non-technical audiences.
• Exceptional spelling and grammar skills for writing and proofreading documents.
• Comfortable scripting in Python, Bash, and PowerShell
• Familiar with Windows, MacOS, and Linux operating systems
• Familiarity and comfortability operating within the Linux operating system.
• A thorough understanding of the OSI model, the functionality of common protocols, and major relevant vectors of exploitation.
• A thorough understanding of the MITRE ATT&CK Framework and the Penetration Testing Execution Standard.
• Familiarity with the fundamentals of heuristic-based threat detection technologies such as IDS, IPS, EDR, XDR.
• Understand basic datacenter, cloud, and virtual networking concepts.

You'll love this job if you:

• Value, integrity, and honesty above all else in a non-negotiable way.
• Have a passion for the information security industry and helping people.
• Are capable of managing time efficiently and meeting deadlines with multiple concurrent projects.
• Are able to work within constraints and to challenge the status quo.
• Are able to self-direct work, orient to action, and truly own the position.
• Have a collaborative attitude and mindset with colleagues and team members

Qualifications:

• 3+ Years of Penetration Testing Experience (Required)
• 2+ Years of Experience working with a major cloud platform (Azure, AWS, or GCP) (Required)
• Bachelor’s Degree in one of the following areas of concentration: Computer Science, Software Development, Information Technology, Cybersecurity (nice to have)
• Background in physical device management (nice to have)
• Familiarity with web application and API penetration testing (nice to have)
• 2+ Years experience scripting in Python for automation, data science, or cybersecurity purposes (nice to have)
• Hold one or more of the following CREST Certifications (required) - CREST Registered Penetration Tester (CRT) - CREST Certified Tester - Infrastructure (CCT INF) - CREST Certified Simulated Attack Specialist (CCSAS) - CREST