· Conduct highly complex security audit and offensive security operations testing consistent with known adversary tactics techniques and procedures and contribute to the development of objectives and approaches taken to remediate risk
· Document security issues and impacts identified through offensive operations in a clear and concise manner to facilitate reporting to impacted stakeholders
· Provide guidance and recommendations to stakeholders responsible for security remediation actions to close identified gaps and remediation validation testing
· Consult with defensive operations teams on adversary tactics to guide and mature cyber defensive countermeasures
· Independently handle complex issues with minimal supervision, while escalating only the most complex issues to appropriate staff
· Other duties as assigned, assist in scoping and executing prospective engagements
· Understand and safely use various open source penetration testing tools and when appropriate, emulating hacker tactics, techniques, procedures
· Develop comprehensive and accurate reports and presentations for various consumers of penetration testing results
· Estimated work load is 1-3 assessments per month, consisting of a 1-2-week assessments including report writing
· While in-between assessments, you will be expected to improve any existing processes, develop tools, and potentially find new clients and perspective hires
· Develop scripts, tools, or methodologies to enhance MSI’s penetration testing processes
· Assist in scoping and executing prospective engagements
· Understand and safely use various open source penetration testing tools and when appropriate, emulating hacker tactics, techniques, procedures
· Develop comprehensive and accurate reports and presentations for various consumers of penetration testing results
· While in-between assessments, you will be expected to improve any existing processes, develop tools, and potentially find new clients and perspective hires
· Develop scripts, tools, or methodologies to enhance MSI’s penetration testing processes
· Understand complex computer systems and technical cyber security terms
· Work with clients to determine their requirements from the test, for example, the number and type of systems they would like testing
· Plan and create penetration methods, scripts and tests
· Carry out remote testing of a client's network or onsite testing of their infrastructure to expose weaknesses in security
· Simulate security breaches to test a system's relative security
· Create reports and recommendations from your findings, including the security issues uncovered and level of risk
· Advise on methods to fix or lower security risks to systems
· Present your findings, risks and conclusions to management and other relevant parties
· Consider the impact your 'attack' will have on the business and its users
· Understand how the flaws that you identify could affect a business, or business function, if they're not fixed.
· Operate a hands-on role involving penetration testing and vulnerability assessment activities of complex applications, operating systems, wired and wireless networks, and mobile applications/devices
· Develop and maintain security testing plans
· Automate penetration and other security testing on networks, systems and applications
· Develop meaningful metrics to reflect the true posture of the environment allowing the organization to make educated decisions based on risk
· Produce actionable, threat-based, reports on security testing results
· Act as a source of direction, training, and guidance for less experienced staff
· Mentor and coach other IT security staff to provide guidance and expertise in their growth
· Consult with application developers, systems administrators, and management to demonstrate security testing results, explain the threat presented by the results, and consult on remediation
· Communicate security issues to a wide variety of internal and external “customers” to include technical teams, executives, risk groups, vendors and regulators
· Deliver the annual penetration testing schedule and conducting awareness campaigns to ensure proper budgeting by business lines for annual tests
· Foster and maintain relationships with key stakeholders and business partners.
· Ability to identify and exploit web vulnerabilities (XSS, CSRF, sqli, SSRF, arbitrary file upload, etc.)
· Ability to identify and exploit mobile vulnerabilities (REST and graphql API issues, insecure storage, memory corruption, deep links, etc.)
· Network penetration testing experience, VPS and shared server configurations and vulnerability findings
· Linux security and types of attack (Malware, Sniffing attack, Brute-force attack, SQL injection, Cross-site scripting (XSS), No function-level control, broken authentication) experience.
· Familiarity with programming languages like python and JavaScript.
· Protocol analysis and CTF experience
· Experience Penetration Testing Tools Air crack-ng, Burp Suite, Cain and Abel, CANVAS by Immunity, John the Ripper, Metasploit, SQL map, Nmap, Astra Pentest.
· Secure coding review and audit practices
· Cryptography and hashing experience
· Reading and writing assembly (x86 and ARM)
· Binary analysis tools and debuggers (IDA Pro, Ghidra, windbg, etc.)
· Exploit Development and Web application penetration testing
· Mobile application penetration testing
· Source code vulnerability analysis and Serious problem-solving skills
· An in-depth understanding of computer systems and their operation
· Excellent spoken and written communication to explain your methods to a technical and non-technical audience
· Attention to detail, to be able to plan and execute tests while considering client requirements
· The ability to think creatively and strategically to penetrate security systems
· Good time management and organizational skills to meet client deadlines
· Ethical integrity to be trusted with a high level of confidential information
· The ability to think laterally and 'outside the box'
· Teamwork skills, to support colleagues and share techniques
· Exceptional analytical and problem-solving skills and the persistence to apply different techniques to get the job done
· Business skills to understand the implications of any weaknesses you find
· Commitment to continuously updating your technical knowledge base.
Minimum qualifications
· Bachelor’s degree in Computer science, Software Engineering and related field or equivalent experience in pen testing and ethical hacking.
· 3+ years of experience in security principles such as attack frameworks, threat landscapes, and attacker tactics, techniques and procedures
· Experience in offensive security, with the ability to think like an adversary
· Strong ability to identify and exploit security gaps/vulnerabilities on endpoint devices, applications, and networks
· Strong experience in operating system and application security hardening and best practices
· Strong investigative mindset with an attention to detail
· Experience with multiple operating systems to include Windows, Mac OS, Unix/Linux, and mobile platforms
· Experience conducting assessments for solutions consisting of a variety of technology stacks and architectural implementations and hosting providers
· Exposure and understanding of enterprise solutions from a functional and security perspective
· Bachelor’s degree (or equivalent) in a technical field
· Minimum of one (GPEN, CEH, and/or GWAPT) certification required
· Must have or be willing to get Offensive Security Certified Professional (OSCP) certification within 6 months
· Web Application Penetration Testing
· Email, phone, or physical social-engineering assessments
· Shell scripting or automation of simple tasks using Java script, Python, or Ruby
· Developing, extending, or modifying exploits, shellcode or exploit tools
· Reverse engineering malware, data obfuscators, or ciphers
· Source code review for control flow and security flaws
· Strong knowledge of tools used for wireless, web application, and network security testing including REST and graphql API.
· Thorough understanding of network protocols, data on the wire, and covert channels
· Solid understanding of Unix/Linux/Mac/Windows operating systems, including bash and powershell.
Certification
The ideal candidate has achieved multiple industry certifications, and at least one advanced level certifications (OSCP, OSWE, GWAN, OSWP, or equivalent).
· Certified Expert Penetration Tester (CEPT)
· Certified Mobile and Web Application Penetration Tester (CMWAPT)
· Certified Red Team Operations Professional (CRTOP)
· CompTIA PenTest+
· EC-Council Certified Ethical Hacker (CEH)
· EC-Council Licensed Penetration Tester — Master (LPT)
· GIAC Certified Penetration Tester (GPEN)
· GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
· GIAC Web Application Penetration Tester (GWAPT)
· IACRB Certified Penetration Tester (CPT)
· Offensive Security Certified Professional (OSCP)
Candidates should have 3+ years of experience performing penetration tests