Penetration Consultant

Title: Principal Red Team Operator
Start Date: 5/19
Duration: 3-month CTH
Location: Charlotte (preferred)
Payrate: $61-68/hr

Why: Building out a new Red Team for their CSO Ops Division

Mission: To join a new & developing team: Cyber Operations Red Team within Cyber Security Organization aimed at uncovering vulnerabilities across networks, systems, applications, and processes

Must haves:

• 7+ years of experience in penetration testing and red team operations


• Deep understanding of Transmission Control Protocol / Internet Protocol (TCP/IP) protocols, devices, security mechanisms and how they operate.


• Strong understanding of network security threats including APT, botnets, Distributed Denial of Service (DDoS) attacks, worms, and network exploits.


• Experience with network probing/testing/analysis tools (Nessus, Nmap, burp, Wireshark, etc.)


• Deep technical knowledge of Windows, UNIX, and Linux operating systems as both an expert user and system administrator
  Programming skills that will be used to construct, modify, and execute testing tools including shell (ksh, bash), [g]awk, Python, PERL, regex, Java, C, C++, C#, PowerShell, curl, Web application development (PHP, ASP.NET, etc.)


• Comprehensive knowledge of software security testing principles, practices, and tools, experience of vulnerability assessments in a complex environment.


• Experience with Malware (including reverse engineering) and with internal and external attacks.


• Experience or familiarity with vulnerability analysis, computer forensics tools, cryptography principles


• Excellent teamwork skills for collaboration on analysis techniques, implementation, and reporting.


• Must be able to work both independently as well as effectively work in teams of individuals with a variety of skills and backgrounds.


• Excellent written and verbal communication skills and have demonstrated ability to present material to senior officials.


• Highly self-motivated requiring little direction.


• Demonstrates creative/out-of-the-box thinking and good problem-solving skills.


• Demonstrates strong ethical behavior.

Plusses:

• Strong knowledge of an enterprise architecture


• Ability to obtain a strong and ongoing understanding of the technical details involved in current APT threats and exploits involving various operating systems, applications, and networking protocols.


• Knowledge of tactics, techniques, and procedures associated with malicious insider activity, organized crime/fraud groups and both state and non-state sponsored threat actors.


• Understanding of cloud-based architectures and highly distributed big data architectures


• Understanding of mobile android and iOS environments and app development


• Experience with application security testing tools, such as the Metasploit framework and Burp Suite


• One or more of these certifications
  CEH: Certified Ethical Hacker
  CPT: Certified Penetration Tester
  CEPT: Certified Expert Penetration Tester
  GPEN: GIAC Certified Penetration Tester
  OSCP: Offensive Security Certified Professional
  BS/MS degree in Computer Science, Cyber Security, Engineering, or related technical field