Radiance Technologies is seeking a Cyber Vulnerability Assessment Penetration Tester (mid-level) to support development of risk mitigation procedures and strategies for customers in government, energy, manufacturing, medical, automotive, avionics, and rail industry sectors. The Information Technology (IT) / Operational Technology (OT) convergence domain is a particularly challenging space in which Radiance is helping our customers develop proven effective risk strategies. You’ll join an interdisciplinary team directly supporting operational resiliency of our national infrastructure.
The ideal candidate possesses working knowledge and practical experience in the following areas:
- Good security practice and controls in the ICS IT/OT convergence space
- IP network (black/grey/white box) penetration testing and vulnerability assessment practices
- Hardware penetration testing, including testing of ICS OT and embedded systems
- x86, ARM, PowerPC assembly language programming
- Scripting experience with python or similar, and experience with PowerShell scripts
- Security tools including IDA Pro, Kali, OllyDbg, GRASSMARLIN and Wireshark
- Good security practice, including cloud security
- Operational Technology (OT) and ICS/SCADA stack structures and protocols,
- Secure network communication and technologies
- Custom tool development/scripting with Python, Perl, PowerShell, and/or similar scripting. Coding skills are also highly desirable for new tool development
- Knowledge of a wide array of network and operational technologies, and possess a willingness to continually learn
- Work effectively in a matrixed team environment with minimal guidance,
- Mentor and develop more junior analysts
- Communicate technical security risk concepts to both a technical and non-technical executive-level audience
- Develop reports using good technical writing skills
- Develop technical papers, assessment reports, test designs, and presentation products required by internal and external consumers
- Develop presentations and papers for security conferences and which he/she will speak
- Willing to travel to customer site for assessments
Radiance Technologies is an employee-owned company with benefits that are unmatched by most companies in the Dayton OH area. Employee ownership, generous 401K, full health/dental/life/vision insurance benefits, interesting assignments, educational reimbursement, competitive salaries and a pleasant work environment combine to make Radiance Technologies a great place to work and succeed. In fact, RADIANCE WAS NAMED BY THE DAYTON BUSINESS JOURNAL AS ONE OF THE BEST PLACES TO WORK IN DAYTON IN 2017, 2018, AND 2019!
Required Skills
- US Citizenship with the ability to obtain and maintain a security clearance
- Desire and ability to travel as required
Required Experience
- Two or more years of experience in IP network penetration testing
- Experience with NIST Risk Management Framework
- Experience with conducting IT audits of technical security application controls
- Experience in network vulnerability assessments
- Experience or solid working knowledge of black, grey, and white-box penetration testing
- Proven understanding of static and dynamic hardware and software vulnerability assessments methodologies
- Working knowledge of Industrial Control System operational technologies (OT) protocols
- Demonstrated working knowledge of multiple approaches to cyber threat modeling and applied cyber kill chain
- Experience in customizing and automating security tools for testing
- Experience with security tools as Nessus, Elk Stack, MSFconsole, AirCrack-ng, Kismet, and Nmap, etc.
DESIRED QUALIFICATIONS:
- Bachelor’s degree or higher
- Active Security Clearance
- Relevant certifications such as OSCP
- Experience with vulnerability assessments of ICS architectures in a production environment