Negotiable
Outside
Remote
USA
Summary: The role of Red Team White Box Tester / Penetration Tester involves conducting extensive security testing, including web penetration and reverse engineering, with a focus on identifying and exploiting vulnerabilities. Candidates should possess a strong background in penetration testing, malware development, and relevant certifications. The position is primarily remote, with options for hybrid work in specific locations. Experience of 3-8 years is preferred, emphasizing hands-on skills in security testing and exploit development.
Key Responsibilities:
- Conduct heavy web penetration testing and reverse engineering.
- Perform manual testing and exploit vulnerabilities in various systems.
- Develop command and control (C2) infrastructure and execute cyber defense evasion techniques.
- Utilize various penetration testing tools and scripting languages for automation.
- Engage in vulnerability research and CVE assignments.
- Test security of network, web applications, and mobile devices.
- Collaborate with vendors to report and remediate identified vulnerabilities.
Key Skills:
- Strong proficiency in network, web application, and mobile device security testing.
- Experience in exploit, payload, and attack framework development.
- Knowledge of EDR detection capabilities and defense evasion techniques.
- Proficiency in custom scripting (Python, PowerShell, Bash).
- Understanding of security vulnerabilities and exploit development.
- Experience with penetration testing tools (Kali, Metasploit, Burp Suite, etc.).
- Knowledge of database security testing (MSSQL, MySQL, etc.).
- Experience with various operating systems and platforms (Windows, Unix, etc.).
- Professional security certifications (OSCP, OSWE, etc.) are preferred.
Salary (Rate): undetermined
City: undetermined
Country: USA
Working Arrangements: remote
IR35 Status: outside IR35
Seniority Level: undetermined
Industry: IT
Remote if in: IL, TX, FL, GA, MA, MD, MN, NC, NJ, NY, DC, WI or in office (hybrid) Chicago, IL / Dallas, TX
Security Red Team White Box Tester / Penetration Testing
The role will continue past the end of the year. It will be renewed.
They have C2s and CVEs on their resumes.
The preference is if they do reverse engineering.
Heavy web penetration testing
coding languages like Python, C++, and C#.
Able to perform an exploit, find a bug that nobody found, and report it to the vendor
certs would be important like Hack The Box, bug bounty, OSCP, GXPN, etc.
heavy manual testing
malware development, etc.
The more they have on their resume that I just highlighted, the better
like minimum 3-8 years of experience, not people with 20 years of experience.
5+ years penetration testing; knowledge of how to build command and control (C2) infrastructure; network/operating system, application, web, mobile, social engineering, emissions, signals; white box penetration testing. This is a hands-on hacker that can hack anything enterprise-wide.
II. SKILL AND EXPERIENCE REQUIRED:
Desired:
- Strong proficiency in Network, Web Application, and Mobile Device security testing
- Demonstrated exploit, payload, and attack framework development experience
- Strong knowledge of EDR detection capabilities (CrowdStrike, Carbon Black, etc.) and associated defense evasion techniques for behavioral-based alerting
- Strong proficiency in social engineering and intelligence gathering.
- Strong experience with custom scripting (Python, PowerShell, Bash, etc.) and process automation.
- Knowledge of how to build Command and Control (C2) infrastructure and execute Cyber Defense Evasion techniques to help enhance Cyber Defense monitoring/alerting capabilities, specifically for C2 traffic
- Strong understanding of security vulnerabilities and the ability to develop relevant exploits/payloads for use during Red Team activities
- Strong experience with database security testing (MSSQL, DB2, MySQL, etc.).
- Strong proficiency with common penetration testing tools (Kali, Armitage, Metasploit, Cobalt Strike, Nighthawk, Nmap, Qualys, Nessus, Burp Suite, Wireshark, Recon-ng, Ettercap/Bettercap, Hashcat, BloodHound, IDA Pro, Ghidra, Sublist3r, Rubeus, Mimikatz, CrackMapExec, Exploit-DB, Yersinia, Impacket, etc.).
- Track record of vulnerability research and CVE assignments
- Knowledge of Windows APIs and Living off the Land (LOL) Binaries
- Experience with mainframe, Windows, Unix, macOS, and Cisco platforms and controls.
Education and/or Experience:
- BS in Computer Science, Information Management, Information Security or other comparable technical degree from an accredited college/university desired.
- 3+ years' experience in penetration testing
- 5+ years' experience in an Information Assurance or Information Security environment.
Certifications:
- [Preferred] Professional security certifications a plus (OSCP, OSWE, GXPN, GMOB, GWAPT, etc.)