Cyber Defense Labs, LLC

Senior Offensive Security Specialist

Ubicación

Remote, US

Tipo

Full Time

Cyber Defense Labs is a full life-cycle information security service provider helping companies manage, detect, and respond to today’s cyber risks. We provide trusted cyber risk management services to help companies reduce business risk before, during, and after a cyber event. 

Senior Offensive Security Specialist 
Job Summary:
Become a part of a diverse team of experts in the cyber security space at Cyber Defense Labs. At Cyber Defense Labs, you will help identify issues within our customers networks to secure them from today’s ever-changing threats and risks while working on innovative projects that offer opportunities for learning and advancement.

Cyber Defense Labs is looking for a Senior Offensive Security Specialist to join our penetration testing team. The team is responsible for executing advanced network penetration testing engagements for clients, performing in-depth analysis on network vulnerabilities, and providing input on security concerns across the Cyber Defense Labs customer base while being subject matter experts in network security. 

Primary Duties and Responsibilities:
  • Full scope penetration testing against a variety of targets. These include:
    • Network Penetration Testing (Internal, External, and Wireless)
    • Web Application and API testing
    • Mobile application testing
    • Social Engineering 
  • Plan and perform full stack security tests against various system(s) and application(s) independently as well as within a team
  • Thoroughly document techniques, tactics, and proof of concepts used during security testing and red team exercises
  • Communicate with various business and technology leaders to interpret identified vulnerabilities and assist in the development and planning for risk mitigation plans
  • Research and continuously improve skills in attacker tools, methods, and techniques
  • Develop and maintain tools and techniques for adversarial simulation, vulnerability research, and exploit development
  • Provide technical expertise and advice on all areas of security technology, including network security, platform security, authentication/authorization systems, application security, security architecture, policy enforcement, and security frameworks
  • Communicate new developments, breakthroughs, challenges, and lessons learned to team members and leadership
  • Develop custom scripts or tools used for vulnerability scanning and identification as part of penetration testing
  • Draft reports for engagements to industry standards and company guidelines
Minimum Qualifications:
  • Must be able to go through a background investigation and successfully pass a drug test
  • 5+ years of demonstrating experience in planning and executing penetration tests against web applications, containers, APIs, network devices, databases, operating systems, and various cloud technologies
  • Experience developing detailed penetration testing reports and presentations that can speak to multiple audience types
  • Ability to analyze and prioritize vulnerabilities to appropriately characterize threats and provide remediation advice
  • Familiarity with classes of vulnerabilities, appropriate remediation, and industry- standard classification schemes (CVE, CVSS, CPE)
  • Excellent time management, multi-tasking, and prioritization skills as well as the ability to manage multiple concurrent projects
  • Strong experience working in complex environments with the ability to work through contractual requirements and demands to ensure a successful engagement
  • Excellent written and verbal communication skills, interpersonal and collaborative skills 
  • High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity
  • Enjoys learning and staying current with industry developments, regulations, and best practices
  • Willingness to travel up to 25% to customer sites when required
Preferred Qualifications:
  • An advanced degree in an IT-related field
  • A GitHub or other public source demonstrating project experience or experimentation
  • Demonstrated ability by creating custom tools for penetration testing and contributing to open-source technology
  • Expertise in developing exploits and customized attack tooling and approaches
  • Demonstrated security research leading to bug bounty and CVE awards
  • Proven experience with scripting languages (language independent) and developing scripted solutions to problems
  • Strong familiarity with OWASP Top Ten, NIST, and MITRE ATT&CK frameworks
  • Working knowledge of defensive security techniques and technologies
 One or more of the following certifications preferred:
  • Offensive Security Certified Professional (OSCP)
  • Offensive Security Experienced Penetration Tester (OSEP)
  • Offensive Security Web Expert (OSWE)
  • GIAC Web Application Penetration Tester (GWAPT)
  • GIAC Penetration Tester (GPEN)
  • other professional certifications in related areas

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.

Página Web de la Compañía: www.cyberdefenselabs.com

(si ya tienes un currículum en Indeed)

O aplicar aquí.

* campos requeridos

Ubicación*
Currículum/Calificaciones*

Información de Empleo de Igualdad de Oportunidades en los EE. UU. (La finalización es voluntaria)

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.

You are being given the opportunity to provide the following information in order to help us comply with federal and state Equal Employment Opportunity/Affirmative Action record keeping, reporting, and other legal requirements.

Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

By completing and submitting your application you certify that all the information is true to and complete to the best of your knowledge. If this application leads to hire, I understand that false or misleading information in my application or interview may result in dismissal.