Penetration Tester

About The Position

Requirements

• Minimum of 2+ years’ experience in three or more specific areas to include: intelligence analysis, network engineering, networking security, penetration testing, red team operations, hardware engineering, software engineering, exploit development, reverse engineering, vulnerability assessment, physical security assessments, or social engineering
• Proficiency with cloud technology and deployments across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP)
• Proficiency in the testing and assessment of mobile operating systems, embedded systems, and/or IoT devices
• Experience in drafting reports, documenting case details, and summarizing findings and recommendations based on system analysis
• Experience performing advanced vulnerability scanning and assessments on all components
• Experience conducting web application security assessments, focusing on OWASP Top Ten vulnerabilities and API security testing
• Demonstrated strong written and verbal communication skills
• Strong understanding of NIST 800-53 frameworks
• US Citizenship and an active security clearance at a minimum of the Secret Level

Nice To Haves

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Engineering, or a related field
• Proven ability to develop and execute complex exploits and PoC attacks
• Strong analytical skills and experience in firmware, binary exploitation, and embedded systems testing
• Advanced knowledge of Software Defined Radio (SDR) and protocol reverse engineering
• Active professional certifications such as CEH, OSCP, PNPT, GPEN, or similar security/pen testing certifications

Responsibilities

• Conducting comprehensive penetration testing on hardware, software, and network components.
• Performing advanced vulnerability scanning and assessments on all components.
• Performing a Cybersecurity evaluation of the product under test to identify vulnerabilities that would negatively impact the Confidentiality, Integrity, or Availability of system data or functionality.
• Analyzing software, firmware, hardware, and/or RF components within the system.
• Opining on the impact and level of effort required to exploit the identified vulnerabilities as well as providing information on a high-level remediation strategy.
• Developing and executing exploits and proof-of-concept (PoC) attacks to demonstrate the impact of identified vulnerabilities.
• Analyzing and reverse engineering firmware and embedded systems to identify security weaknesses.
• Testing and assessing the security of secure boot processes and Trusted Execution Environments (TEE).
• Conducting web application security assessments, focusing on OWASP Top Ten vulnerabilities and API security testing.
• Performing manual verification of vulnerabilities, assessing their risk and exploitability.
• Engaging in wireless and RF security testing, including penetration testing on Wi-Fi, Bluetooth, and Zigbee networks.
• Utilizing Software Defined Radio (SDR) for protocol reverse engineering and testing.
• Reporting detailed findings, documenting case details, and providing actionable recommendations for remediation to enhance product security based on system analysis.
• Planning and executing full-scale, cross-domain vulnerability assessments, network penetration testing, and phishing/social engineering campaigns.

Benefits

• The salary range for this position is $130,000.00 - $145,000.00 commensurate on experience and technical skillset.
• We are open to considering a varying levels of experience for these projects and potential for 1099 hourly opportunity.