ShiftCode Analytics
Interview: F2F/Virtual
Visa: Any except h1b
Hybrid: Chicago, IL Preferred, Dallas, TX Alternative
Rate: DOE
JD:
Our client is seeking a Security Red Team White Box Tester for a long term contract opportunity.
Responsibilities • Help plan, design and execute security red team related activities (e.g., Intelligence Gathering, Network/Operating System/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing, Social Engineering, Basic Emissions/Signals Testing, Physical Security Testing, Command and Control (C2) Infrastructure Development, Cyber Defense Evasion "Stealth" techniques, etc.) • Assist with ad-hoc white-box penetration testing work of OCC's infrastructure that is still currently in Development, or in need of pre-Production penetration testing • interact with multiple teams such as Cyber Defense, Security Assurance, and various other Security and IT teams to coordinate penetration testing engagements and re-test remediated Red Team findings. • Produce reports and present findings to various levels of leadership and staff relating to security testing activities, as needed • Perform security risk assessment, threat analysis and threat modeling.
Required: • Strong proficiency in Network, Web Application, and Mobile Device security testing • Demonstrated exploit, payload, and attack framework development experience • Strong knowledge of EDR detection capabilities such as Crowdstrike/Carbon Black, etc. and associated defense evasion techniques for behavioral based alerting • Strong proficiency in social engineering and intelligence gathering. • Strong experience with custom scripting (Python, Powershell, Bash, etc.) and process automation. • Knowledge how to build Command and Control (C2) infrastructure and execute Cyber Defense Evasion techniques to help enhance Cyber Defense monitoring/alerting capabilities for C2 traffic specifically • Strong understanding of security vulnerabilities and develop relevant exploits/payloads for use during Red Team activities • Strong experience with database security testing (MSSQL, DB2, MySQL, etc.). • Strong proficiency with common penetration testing tools (Kali, Armitage, Metasploit, Cobalt Strike, Nighthawk, Nmap, Qualys, Nessus, Burp Suite, Wireshark, Recon-NG, Ettercap/Bettercap, Hashcat, Bloodhound, Ida Pro, Ghidra, Sublist3r, Rubeus, Mimikatz, CrackMapExec, Exploitdb, Yersinia, Impacket, etc.). • Track record of vulnerability research and CVE assignments • Knowledge of Windows APIs and Living off the Land (LOL) Binaries • Experience with Mainframes, Windows, Unix, MacOS, Cisco, platforms and controls. • BS in Computer Science, Information Management, Information Security or other comparable technical degree from an accredited college/university desired. • 3+ Years' experience of Penetration testing • 5+ Years' experience in Information Assurance or Information Security environment.
Desired • [Preferred] Professional security certifications a plus (OSCP, OSWE, GXPN, GMOB, GWAPT, etc.)
Responsibilities • Help plan, design and execute security red team related activities (e.g., Intelligence Gathering, Network/Operating System/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing, Social Engineering, Basic Emissions/Signals Testing, Physical Security Testing, Command and Control (C2) Infrastructure Development, Cyber Defense Evasion "Stealth" techniques, etc.) • Assist with ad-hoc white-box penetration testing work of OCC's infrastructure that is still currently in Development, or in need of pre-Production penetration testing • interact with multiple teams such as Cyber Defense, Security Assurance, and various other Security and IT teams to coordinate penetration testing engagements and re-test remediated Red Team findings. • Produce reports and present findings to various levels of leadership and staff relating to security testing activities, as needed • Perform security risk assessment, threat analysis and threat modeling.
Required: • Strong proficiency in Network, Web Application, and Mobile Device security testing • Demonstrated exploit, payload, and attack framework development experience • Strong knowledge of EDR detection capabilities such as Crowdstrike/Carbon Black, etc. and associated defense evasion techniques for behavioral based alerting • Strong proficiency in social engineering and intelligence gathering. • Strong experience with custom scripting (Python, Powershell, Bash, etc.) and process automation. • Knowledge how to build Command and Control (C2) infrastructure and execute Cyber Defense Evasion techniques to help enhance Cyber Defense monitoring/alerting capabilities for C2 traffic specifically • Strong understanding of security vulnerabilities and develop relevant exploits/payloads for use during Red Team activities • Strong experience with database security testing (MSSQL, DB2, MySQL, etc.). • Strong proficiency with common penetration testing tools (Kali, Armitage, Metasploit, Cobalt Strike, Nighthawk, Nmap, Qualys, Nessus, Burp Suite, Wireshark, Recon-NG, Ettercap/Bettercap, Hashcat, Bloodhound, Ida Pro, Ghidra, Sublist3r, Rubeus, Mimikatz, CrackMapExec, Exploitdb, Yersinia, Impacket, etc.). • Track record of vulnerability research and CVE assignments • Knowledge of Windows APIs and Living off the Land (LOL) Binaries • Experience with Mainframes, Windows, Unix, MacOS, Cisco, platforms and controls. • BS in Computer Science, Information Management, Information Security or other comparable technical degree from an accredited college/university desired. • 3+ Years' experience of Penetration testing • 5+ Years' experience in Information Assurance or Information Security environment.
Desired • [Preferred] Professional security certifications a plus (OSCP, OSWE, GXPN, GMOB, GWAPT, etc.)