Penetration Tester

  • Dallas, TX
  • Posted 19 hours ago | Updated 19 hours ago

Overview

On Site
Full Time
Part Time
Accepts corp to corp applications
Contract - W2
Contract - Independent
Contract - 6

Skills

Mainframe
penetration
mobile device
networking
whitebox

Job Details

Job Title: White Box Tested

Location: Chicago, IL Preferred, Dallas, TX

Duration: 12 month

Job Description:

Our client is seeking a Security Red Team White Box Tester for a long term contract opportunity.

Responsibilities

Help plan, design and execute security red team related activities (e.g., Intelligence Gathering, Network/Operating System/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing, Social Engineering, Basic Emissions/Signals Testing, Physical Security Testing, Command and Control (C2) Infrastructure Development, Cyber Defense Evasion "Stealth" techniques, etc.)

Assist with ad-hoc white-box penetration testing work of OCC's infrastructure that is still currently in Development, or in need of pre-Production penetration testing

interact with multiple teams such as Cyber Defense, Security Assurance, and various other Security and IT teams to coordinate penetration testing engagements and re-test remediated Red Team findings.

Produce reports and present findings to various levels of leadership and staff relating to security testing activities, as needed

Perform security risk assessment, threat analysis and threat modeling.

Required:

Strong proficiency in Network, Web Application, and Mobile Device security testing

Demonstrated exploit, payload, and attack framework development experience

Strong knowledge of EDR detection capabilities such as Crowdstrike/Carbon Black, etc. and associated defense evasion techniques for behavioral based alerting

Strong proficiency in social engineering and intelligence gathering.

Strong experience with custom scripting (Python, Powershell, Bash, etc.) and process automation.

Knowledge how to build Command and Control (C2) infrastructure and execute Cyber Defense Evasion techniques to help enhance Cyber Defense monitoring/alerting capabilities for C2 traffic specifically

Strong understanding of security vulnerabilities and develop relevant exploits/payloads for use during Red Team activities

Strong experience with database security testing (MSSQL, DB2, MySQL, etc.).

Strong proficiency with common penetration testing tools (Kali, Armitage, Metasploit, Cobalt Strike, Nighthawk, Nmap, Qualys, Nessus, Burp Suite, Wireshark, Recon-NG, Ettercap/Bettercap, Hashcat, Bloodhound, Ida Pro, Ghidra, Sublist3r, Rubeus, Mimikatz, CrackMapExec, Exploitdb, Yersinia, Impacket, etc.).

Track record of vulnerability research and CVE assignments

Knowledge of Windows APIs and Living off the Land (LOL) Binaries

Experience with Mainframes, Windows, Unix, MacOS, Cisco, platforms and controls.

BS in Computer Science, Information Management, Information Security or other comparable technical degree from an accredited college/university desired.

3+ Years' experience of Penetration testing

5+ Years' experience in Information Assurance or Information Security environment.

Desired

[Preferred] Professional security certifications a plus (OSCP, OSWE, GXPN, GMOB, GWAPT, etc.)
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.