Are you a cyber-security professional who is looking to work with some of the top talent in the industry? Would you like to work on projects where cyber security is not an afterthought?
If you answered yes to these questions Secure Yeti has a great opportunity for a Penetration Tester that can work from anywhere in the continental US. Secure Yeti’s goal is to become one of the most respected names in cyber security. Our small and nimble company has attracted some of the top talent in the community and offers cyber security professionals a great place to grow. We also offer you the opportunity to participate in our 401(k) and health, vision, dental insurance programs. Interested applicants should apply immediately.
What you will do:
- Conduct penetration testing on cloud and web applications, operating systems, network protocols, wireless, mobile, databases, middleware, etc…
- Conduct Security Control Assessments (SCA) to evaluate the cyber-security posture of people, processes, and technology within client environments
- Play an active role in Threat Modeling exercises that translate security requirements into secure coding practices. This includes working with development teams through various stages of the Software Development Life Cycle to 1) identify/document potential vulnerabilities and attack vectors, and 2) ensure applications are designed and developed in a manner that mitigates those security risks.
- Develop, extend, and modify exploits, shellcode, and exploit tools; develop innovative tools, solutions, and processes
- Keep up to date with current and emerging exploits, TTPs, and offensive security tooling
- Continuously grow your tradecraft and improve team capabilities
- Brief executive stakeholders on enterprise risks identified through penetration testing and SCA activities
- Research and remain current on emerging threats and adversary emulation methodologies
- Train offensive and defensive colleagues on new TTPs and mentor junior teammates
- Develop comprehensive/accurate reports and presentations for both technical and executive audiences
- Provide actionable and detailed recommendations for any deficiencies identified
- Expertise testing web applications for common security vulnerabilities including input validation vulnerabilities, broken access controls, session management vulnerabilities, cross-site scripting issues, SQL injection and web server configuration issues
- Experience in performing security assessments in cloud environments
- Active Directory and enterprise network exploitation
- Hands-on experience with commercial and open-source cyber security tools such as proxies, port scanners, vulnerability scanners, and exploit frameworks (ex: Burp, Nessus, Nmap, Metasploit, Cobalt Strike, Empire, etc.)
- Demonstrated expertise with real-world vulnerabilities, exploits, and payloads
- Understanding of defensive controls and how to bypass them
- Modifying and using payloads to avoid common detections
- Handling and managing implants and footholds during penetration testing activities
- Demonstrated ability to work on multiple projects simultaneously and in a highly dynamic, rapidly changing environment
- Team player with demonstrated consultative skills and ability to work effectively with clients, internal management and staff, vendors, and consultants
- Deploying, configuring and managing infrastructure to support offensive operations
- All phases of penetration testing operations including recon, social engineering, exploitation, lateral movement and exfiltration
- OPSEC techniques including network traffic, post-exploitation activities and payloads to blend in to target environments
- Experience with open security testing standards and projects, including OWASP & ATT&CK
- The following certifications are highly preferred: GPEN, GXPEN, OSCP
- Bachelor’s degree in Information Technology, Computer Science, or a related field, or equivalent work experience
- 5+ years of prior experience performing offensive security operations including red teaming, penetration testing, and security control assessments; or an equivalent combination of education and work experience
- Ability to pass a federal background check and drug test, and credit check
- Ability to able to obtain and maintain a National Security Clearance.