Sorry, this listing is no longer accepting applications. Don’t worry, we have more awesome opportunities and internships for you.

Penetration Tester

G

Gray Tier Technologies

Penetration Tester

National
Full Time
Paid
Similar Jobs
  • Responsibilities

    Gray Tier Technologies, LLC is looking for a candidate that possess a deep understanding of both Information Security (INFOSEC) and Computer Science (CS). Candidate should have a strong knowledge of basic concepts such as networking, applications, and operating system (OS) functionality. Candidate should also have knowledge of/or presented with advanced concepts such as application manipulation, exploit development, and stealthy operations. Typical daily work will consist of application identification, coding/scripting, reversing applications, RFI/LFI attacks, XSS, SQLInjection, directory traversal attacks, near zero day (0-Day) remote execution attacks all without being detected. Advance Persistence Techniques (APT) and trends are highly desirable. Exploiting extremely large scale environments while remaining stealthy, identify and exploit mis-configurations in network infrastructure, parse various types of output data, present relevant data in a digestible manner, think outside the box, and cannot believe that MS08-067 is still on production networks, are all desirable skillsets.

    LOCATION: Northern Virginia/Washington DC area

    US GOVERNMENT SECURITY CLEARANCE: SECRET with the eligibility for TS/SCI. Preferred TS/SCI

    RESPONSIBILITIES INCLUDE:

    • Perform network penetration, web and mobile application testing, source code reviews, threat analysis, wireless network assessments, and social-engineering assessments on legacy and modern technologies
    • Develop comprehensive and accurate reports and presentations for both technical and executive audiences
    • Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
    • Recognize and safely utilize attacker tools, tactics, and procedures
    • Develop scripts, tools, or methodologies to enhance our penetration testing processes
    • Assist with scoping prospective engagements, leading engagements from kickoff through remediation, and mentoring less experienced staff

    REQUIREMENTS:

    • Expert ability to communicate in both oral and written forms, demonstrating an ability to communicate effectively with all levels of staff as well as clients
    • Demonstrate experience with researching and testing new and innovative technology
    • Demonstrate expert-level knowledge with TCP/IP, 802.11a/b/g/n;
    • 3-5 years' of experience with Penetration Testing/Network Security, application assessment, and/or web application testing;
    • Demonstrate advanced knowledge in the Red Team/Penetration Testing field or related area within an enterprise environment ;
    • Demonstrate advanced experience in multiple programming & scripting languages (C/C++, Python, Ruby, PowerShell)
    • Demonstrate advanced experience in administering and security testing of multiple Operating Systems (Windows, UNIX, Linux, OSX…), Network devices, storage devices, and Applications
    • Demonstrate advanced experience with utilizing Penetration Testing Software, Commercial & open source applications in an Enterprise solution like Kali Linux, Cobalt Strike, Vulnerability Scanners, Empire, Beef, MSF, SME, Responder, BURP, and OCOHashCat
    • Demonstrate advanced experience with gaining and maintaining network footholds, privilege escalation, IDS/HBS evasion techniques to secure persistent presence.
    • Demonstrate experience with performing Social Engineering and client-side exploitation
    • Offensive Security Certified Professional (OSCP) Certification or Offensive Security Certified Expert (OSCE) Certification(s) are desired
    • GIAC Penetration Tester (GPEN), Certified Penetration Tester (CPT), Certified Expert Penetration Tester (CEPT), or Certified Information Systems Security Professional (CISSP) Certifications will need to have an accompanying hands on certification like Licensed Penetration Tester (LPT) Certification.

    QUALIFICATIONS

    • Some Travel
    • Ability to successfully interface with clients (internal and external)
    • Ability to document and explain technical details in a concise, understandable manner
    • Ability to manage and balance own time among multiple tasks, and lead junior staff when required