Cyber Defense Labs, LLC

Offensive Security Specialist/Pen Tester

Location

Remote, US

Type

Full Time

Cyber Defense Labs is a full life-cycle information security service provider helping companies manage, detect and respond to today’s cyber risks. We provide trusted cyber risk management services to help companies reduce business risk before, during and after a cyber event. 

Job Summary:

Conduct application and network attack and penetration audits, and other assurance and compliance audits. Coordinate programs to be executed with internal and external groups and ensure successful delivery of penetration tests and audits, in line with agreed methods and guidelines. Also responsible for evaluating and advising leadership on readiness to commence external audits, and for coordinating audit-related activities such as document requests, evidence collection, and liaising with the external auditors and internal departments involved in the audits.

Primary Duties and Responsibilities: 

  • Execute application and network penetration testing that will vary in level of complexity from simple to moderately complex.
  • Develop detailed work plans, schedules, and resource plans for recurring penetration testing.
  • Summarize findings and recommend corrective measures to seek resolution.
  • Advise leadership of the technical and business risks of identified vulnerabilities.
  • Liaise with external third-party penetration testers as required.
  • Establish and report on metrics to gauge penetration testing effectiveness, progress and key risk areas identified through internal and external audits.
  • Interface directly with management teams for coordination of evidence collection necessary for audit execution.
  • Identify risks and escalate potential project issues to management as required.
  • Implement changes to procedures and systems to enhance data systems security.
  • Recommend process improvement strategies.
  • Monitor remediation activities.
  • Provide technical expertise and support to management and associate ethical hacker during penetration testing in the implementation of appropriate data security procedures and products.
  • Identify and determine causes of security violations and recommend corrective actions to ensure data security.
  • May perform other duties as assigned.

Minimum Qualifications:


  • Must be authorized to work in the U.S. without sponsorship, now or in the future.
  • Must be able to go through a basic background investigation and drug testing.
  • Undergraduate degree in computer science, engineering, information science or a related technical discipline preferred.
  • 3-5 years of related experience in cybersecurity, with at least 2 directly on penetration testing.
  • Excellent interpersonal and written communication skills to present findings, navigate differences of opinion, and work productively with various types of leadership, teams, employees, vendors, and consultants to seek resolution.
  • Ability to read, write, speak and understand English clearly.
  • Experience across tools and tech such as Nessus, Nmap, Cobalt Strike, Burp Suite, Metasploit, Raspberry Pi, Rubber Duckies, Raspberry Pi Zeros, etc.
  • Proven experience coordinating and executing pen testing activities in a large complex environment.
  • Maintain subject matter expertise around threats and vulnerabilities to remain aware of the current security threat landscape.
  • Intermediate knowledge of internal and external audit scopes to provide responses that meet client expectations.
  • Ability to speak to the MITRE ATT&CK Framework as part of test reports.
  • Ability to team well with others to facilitate, schedule, and coordinate required audit activities.
  • Demonstrated integrity and judgment within a professional environment.
  • Demonstrated ability to think creatively while accounting for multiple perspectives in any given scenario.
  • Ability to appropriately balance firm security needs with business impact and benefit.
  • Must be able to work independently and with minimal direct supervision.
  • Ability to present technical concepts to non-technical audiences.
  • Ability to be flexible and adjust to multiple demands, shifting priorities, ambiguity, and rapid change.
  • Demonstrated good judgment, tact, and decision-making ability.
  • Demonstrated good time management, interpersonal, communication, organizational, and decision-making skills.
  • Willingness to travel up to 25%.
  • Bachelor’s degree in Cybersecurity, Computer Science or a related discipline, or equivalent work experience.

Preferred Qualifications:

  • One or more of the following certifications preferred:
     GIAC Web Application Penetration Tester (GWAPT), GIAC Penetration Tester (GPEN), Certified Ethical Hacker (CEH), Certified Information Security Manager (CISM), OSCP, Certified Information System Auditor (CISA), and/or Certified Internal Auditor (CIA), or other professional certifications in a related area.
 

 

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.

Company Website: www.cyberdefenselabs.com
