Cyber Defense Labs, LLC

Assistant Director Penetration Testing

Location

Remote, US

Type

Full Time

Cyber Defense Labs is a full life-cycle information security service provider helping companies manage, detect and respond to today’s cyber risks. We provide trusted cyber risk management services to help companies reduce business risk before, during and after a cyber event.
Title: Assistant Director – Penetration Testing Team Lead (Proactive Technical)
Reports to: Director of Technical Proactive Services 
Job Summary: 
We are seeking an Assistant Director - Penetration Testing - Proactive Services to join our dynamic Security Testing team and take the lead in performing security testing of applications, networks and infrastructures, including vulnerability assessments, penetration testing and manual testing techniques.
Primary Duties and Responsibilities:
  • Conduct Web application penetration testing.
  • Conduct API penetration testing.
  • Conduct Mobile Application penetration testing on iOS and Android platforms.
  • Conduct security assessments on a wide variety of technologies and implementations.
  • Simulate sophisticated cyberattacks to identify vulnerabilities for clients worldwide.
  • Conduct source code reviews for security vulnerabilities.
  • Develop custom scripts or tools used for vulnerability scanning and identification as part of penetration testing.
  • Recommend remediation actions to mitigate valid findings.
  • Mentor and provide guidance for junior team members.
  • Work closely with the Director/Senior Manager/Principal Consultant of the team to develop and implement initiatives on training and TTPs.
  • Lead engagements and act as the point of contact for client engagement
  • Draft and review reports for assessments to industry standards and company guidelines
Minimum Qualifications:
  • At least 5 years of hand-on experience in performing external and internal penetration tests using industry standard tools such as Metasploit, Core Impact, Nmap, Burp Suite, etc.
  • Serves as the technical lead on penetration testing efforts.
  • Proficiency with red teaming tests in the performance of penetration testing.
  • Proficiency in mobile application penetration testing.
  • Thorough understanding of Windows and Linux based Operating Systems, networking (TCP/IP, Ports, Active Directory, DNS, and DHCP), Switch / Router configuration, and Security.
  • Proficiency with at least two scripting languages (e.g., Python, Bash, JavaScript, PowerShell); Ability to write custom exploit code, Metasploit modules, and attack tools are highly desired.
  • An understanding of cloud computing models, technologies and concepts.
  • Understanding of FISMA, PCI, and Federal Risk and Authorization Management Program (FedRAMP), NIST, GDPR programs and penetration testing requirements associated with them.
  • Advanced written and verbal communication skills, strong analytical and interpersonal characteristics, and ability to work both independently and collaboratively.
  • Must be a US Citizen.
  • Must pass basic background investigation.
  • Undergraduate degree in computer science, engineering, information science or a related technical discipline preferred.
  • Ability to team well with others to facilitate and schedule and coordinate required audit activities.
  • Ability to think creatively while accounting for multiple perspectives in any given scenario.
  • Ability to present technical concepts to non-technical audiences.
  • Ability to be flexible and adjust to multiple demands, shifting priorities, ambiguity, and rapid change.
  • Demonstrated good judgment, tact, and decision-making ability.
  • Demonstrated good time management, interpersonal, communication, organizational, and decision-making skills.
  • Willingness to travel to customer sites when required.
 Preferred Qualifications:
  • An advanced degree in an IT-related field
  • A desire to teach and evangelize security and different technologies, both internally and to clients
  • Experience as a technical team lead or manager of penetration testers.
  • A GitHub or other public source repo demonstrating project experience or experimentation.
  • Database administration, device configuration hardening, and compliance
  • Software engineering experience including knowledge of the Software Development Lifecycle
  • Systems Administration/Engineering experience including DevOps / DevSecOps.
  • Experience with common web frameworks, for example, jQuery, Bootstrap, Django, etc.
  • Experience with common development languages, for example, VB.net, Java, C#, JavaScript, etc.
  • Familiarity with Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), and National Institute of Standards and Technology (NIST) Special Publications
  • Working knowledge of defensive security techniques and technologies
  • One or more of the following certifications preferred: 
    • GIAC Web Application Penetration Tester (GWAPT)
    • GIAC Penetration Tester (GPEN)
    • Certified Ethical Hacker (CEH)
    • Certified Information Security Manager (CISM)
    • Certified Information System Auditor (CISA)
    • Certified Internal Auditor (CIA)
    • or other professional certifications in related area.
Please note Cyber Defense Labs does not accept resumes from any source other than directly from candidates. We will not consider resumes from vendors including and without limitation search firms, staffing agencies, fee-based referral services and recruiting agencies.

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.

Company Website: www.cyberdefenselabs.com

(if you already have a resume on Indeed)

Or apply here.

* required fields

Location*
Resume/Qualifications*

U.S. Equal Opportunity Employment Information (Completion is voluntary)

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.

You are being given the opportunity to provide the following information in order to help us comply with federal and state Equal Employment Opportunity/Affirmative Action record keeping, reporting, and other legal requirements.

Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.