Sorry, this listing is no longer accepting applications. Don’t worry, we have more awesome opportunities and internships for you.

Assistant Director Penetration Testing

C

Cyber Defense Labs, LLC

Assistant Director Penetration Testing

Dallas, TX
Full Time
Paid
Similar Jobs
  • Responsibilities

    Cyber Defense Labs is a full life-cycle information security service provider helping companies manage, detect and respond to today’s cyber risks. We provide trusted cyber risk management services to help companies reduce business risk before, during and after a cyber event.

    Title: Assistant Director – Penetration Testing Team Lead (Proactive Technical)

    Reports to: Director of Technical Proactive Services

    Job Summary:

    We are seeking an Assistant Director - Penetration Testing - Proactive Services to join our dynamic Security Testing team and take the lead in performing security testing of applications, networks and infrastructures, including vulnerability assessments, penetration testing and manual testing techniques.

    Primary Duties and Responsibilities:

    Conduct Web application penetration testing.

    Conduct API penetration testing.

    Conduct Mobile Application penetration testing on iOS and Android platforms.

    Conduct security assessments on a wide variety of technologies and implementations.

    Simulate sophisticated cyberattacks to identify vulnerabilities for clients worldwide.

    Conduct source code reviews for security vulnerabilities.

    Develop custom scripts or tools used for vulnerability scanning and identification as part of penetration testing.

    Recommend remediation actions to mitigate valid findings.

    Mentor and provide guidance for junior team members.

    Work closely with the Director/Senior Manager/Principal Consultant of the team to develop and implement initiatives on training and TTPs.

    Lead engagements and act as the point of contact for client engagement

    Draft and review reports for assessments to industry standards and company guidelines

    Minimum Qualifications:

    At least 5 years of hand-on experience in performing external and internal penetration tests using industry standard tools such as Metasploit, Core Impact, Nmap, Burp Suite, etc.

    Serves as the technical lead on penetration testing efforts.

    Proficiency with red teaming tests in the performance of penetration testing.

    Proficiency in mobile application penetration testing.

    Thorough understanding of Windows and Linux based Operating Systems, networking (TCP/IP, Ports, Active Directory, DNS, and DHCP), Switch / Router configuration, and Security.

    Proficiency with at least two scripting languages (e.g., Python, Bash, JavaScript, PowerShell); Ability to write custom exploit code, Metasploit modules, and attack tools are highly desired.

    An understanding of cloud computing models, technologies and concepts.

    Understanding of FISMA, PCI, and Federal Risk and Authorization Management Program (FedRAMP), NIST, GDPR programs and penetration testing requirements associated with them.

    Advanced written and verbal communication skills, strong analytical and interpersonal characteristics, and ability to work both independently and collaboratively.

    Must be a US Citizen.

    Must pass basic background investigation.

    Undergraduate degree in computer science, engineering, information science or a related technical discipline preferred.

    Ability to team well with others to facilitate and schedule and coordinate required audit activities.

    Ability to think creatively while accounting for multiple perspectives in any given scenario.

    Ability to present technical concepts to non-technical audiences.

    Ability to be flexible and adjust to multiple demands, shifting priorities, ambiguity, and rapid change.

    Demonstrated good judgment, tact, and decision-making ability.

    Demonstrated good time management, interpersonal, communication, organizational, and decision-making skills.

    Willingness to travel to customer sites when required.

    Preferred Qualifications:

    An advanced degree in an IT-related field

    A desire to teach and evangelize security and different technologies, both internally and to clients

    Experience as a technical team lead or manager of penetration testers.

    A GitHub or other public source repo demonstrating project experience or experimentation.

    Database administration, device configuration hardening, and compliance

    Software engineering experience including knowledge of the Software Development Lifecycle

    Systems Administration/Engineering experience including DevOps / DevSecOps.

    Experience with common web frameworks, for example, jQuery, Bootstrap, Django, etc.

    Experience with common development languages, for example, VB.net, Java, C#, JavaScript, etc.

    Familiarity with Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), and National Institute of Standards and Technology (NIST) Special Publications

    Working knowledge of defensive security techniques and technologies

    One or more of the following certifications preferred:

    GIAC Web Application Penetration Tester (GWAPT)

    GIAC Penetration Tester (GPEN)

    Certified Ethical Hacker (CEH)

    Certified Information Security Manager (CISM)

    Certified Information System Auditor (CISA)

    Certified Internal Auditor (CIA)

    or other professional certifications in related area.

    Please note Cyber Defense Labs does not accept resumes from any source other than directly from candidates. We will not consider resumes from vendors including and without limitation search firms, staffing agencies, fee-based referral services and recruiting agencies.