Penetration Tester
Remote
UltraViolet Cyber
Evolve your security operations into your proactive risk reducing superpower through the combination of MDR with Red Teams that validate every alert.UltraViolet Cyber is a leading platform-enabled unified security operations company providing a comprehensive suite of security operations solutions. Founded and operated by security practitioners with decades of experience, the UltraViolet Cyber security-as-code platform combines technology innovation and human expertise to make advanced real-time cybersecurity accessible for all organizations by eliminating risks of separate red and blue teams.
By creating continuously optimized identification, detection, and resilience from today’s dynamic threat landscape, UltraViolet Cyber provides both managed and custom-tailored unified security operations solutions to the Fortune 500, Federal Government, and Commercial clients. UltraViolet Cyber is headquartered in McLean, Virginia, with global offices across the U.S. and in India.
UltraViolet Cyber (UV Cyber) is seeking an experienced Penetration Tester with a background in Web Applications, Network, and Cloud Security. This individual will play a key role in conducting penetration tests as one of the core capabilities of UltraViolet Cyber and our customers.
The penetration tester will execute simulated attacks against client information technology systems to demonstrate susceptibility to such attacks by an adversary, similar to how an advanced persistent threat (APT) would attempt to breach into an organizations' information systems. Qualified candidates must be able to assess target systems, identify vulnerabilities, safely exploit those vulnerabilities, and effectively communicate the risk to the client.
US Citizenship required, and candidates must be willing to be submitted for a US Government background investigation.
No third-party candidates will be considered
Familiarity with Security Content Automation Protocols (SCAP), Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSS), Common Weakness Enumeration (CWE), or Common Platform Enumeration (CPE)
Understanding US Government Configuration Baseline (USGCB), Security Technical Implementation Guides (STIGs), NSA Guides, National Checklist Program (NCP) or Common Secure configurations
Responsibilities
- Conduct web application, Application Programming Interface (API), network, and cloud penetration tests.
- Use common penetration testing and red-team tools, tactics, techniques, and procedures.
- Analyze Proof of Concept (PoC) exploits to understand the underlying vulnerability and tailor the PoC to be safely used in target space.
- Automate Red Teaming and Penetration Testing techniques, to efficiently scale offensive operations, using common scripting and programing languages (e.g. Golang, Python, JavaScript, Bash, PowerShell, etc.).
- Conduct security assessments of cloud environments and application source code review.
- Conduct penetration tests in accordance with standard methodologies (i.e. OWASP, NIST, PTES).
- Utilize custom penetration testing tools, frameworks, and infrastructure.
- Assess risk of discovered vulnerabilities based on likelihood and severity of exploitation.
- Document and deliver technical reports on detailed findings and vulnerability remediation recommendations.
- Collaborate with clients throughout an assessment on status and vulnerability information.
- Evolve our capabilities and toolset
Penetration Testing in three (3) or more of the following:
- Web Applications
- External Networks
- Internal Networks
- Active Directory
- Cloud Environments (e.g. AWS, Azure, GCP)
Tools / Services:
- NMAP
- BurpSuite
- CrackMapExec
- BloodHound
- Ansible
- Terraform
- Git
- AWS
Minimum Requirements
- Bachelor’s Degree in Cybersecurity or related field preferred
- At least 2 years of experience related to conducting penetration tests or red-team assessments .
- Offensive Security Certified Professional (OSCP) preferred but not required: OSCP experience and knowledge is highly preferred.
UltraViolet Cyber welcomes and encourages diversity in the workplace regardless of race, gender, religion, age, sexual orientation, gender identity, disability, or veteran status.
If you want to make an impact, UltraViolet Cyber is the place for you!
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Active Directory Ansible APIs APT Automation AWS Azure Bash Burp Suite Cloud CVSS Exploit Exploits GCP Golang JavaScript NIST Nmap Offensive security OSCP OWASP Pentesting PowerShell Python Red team SCAP Scripting Security assessment STIGs Terraform Vulnerabilities
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Officer jobs
- Open Information Security Specialist jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Cyber Security Specialist jobs
- Open Cybersecurity Analyst jobs
- Open Manager Pentest H/F jobs
- Open Product Security Engineer jobs
- Open Chief Information Security Officer jobs
- Open Staff Security Engineer jobs
- Open Security Specialist jobs
- Open Senior Information Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Cybersecurity Consultant jobs
- Open IT Security Analyst jobs
- Open IT Security Engineer jobs
- Open Security Researcher jobs
- Open Security Operations Analyst jobs
- Open Sr. Security Engineer jobs
- Open Cybersecurity Specialist jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open ISO 27001-related jobs
- Open Agile-related jobs
- Open Application security-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Analytics-related jobs
- Open Threat intelligence-related jobs
- Open SaaS-related jobs
- Open Security assessment-related jobs
- Open APIs-related jobs
- Open Malware-related jobs
- Open Java-related jobs
- Open Forensics-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open CEH-related jobs
- Open EDR-related jobs
- Open DevOps-related jobs
- Open Kubernetes-related jobs