Vulnerability Researcher and Penetration Tester

Vienna, VA

Applications have closed
XOR Security logo
XOR Security

Posted 1 month ago

Job Description:

XOR Security is currently seeking a Vulnerability Researcher and Penetration Tester to support a large commercial financial entity. The SME will conduct hands-on enterprise and application level security assessment for cloud-based web application. To ensure the integrity, security, and resiliency of critical operations, we are seeking candidates with diverse backgrounds in cyber security systems operations, threat analysis, continuous monitoring and vulnerability assessment.  Strong written and verbal communications skills, researching and analysis skills, and attention to detail. The ideal candidate will have a demonstrated ability to validate and research vulnerabilities, assess system configurations, test exploitability, evaluate mitigating controls, document findings, and work with system owners and technical staff to facilitate vulnerability mitigation.  In addition, the candidate must have a solid understanding of operating system and application vulnerabilities, with hands-on experience conducting enterprise-level vulnerability scans and web-application penetration testing.

Required Qualifications:

  • Total of four years experience in cyber security with specialization in vulnerability analysis, research, and penetration testing
    • 1 years experience with hands-on web application testing against cloud-based application.
    • 2 years experience with penetration testing.
  • Strong analytical and technical skills in conducting vulnerability assessments, conduct troubleshooting of failed scans, as well as abilities and prior experience with analyzing vulnerability reports from enterprise assessment tools such as but not limited to Qualys, Tenable Security Center, Rapid7 InsightVM.
  • Ability to assess large-scale reporting, analyze trends, and provide contextual reporting to senior management and system owners.
  • Excellent organizational and attention to detail in tracking and reporting compliance activity and trend analysis of enterprise vulnerabilities.
  • Ability to develop follow-up action plans to resolve reportable issues and communicate with the other technologists to address security threats and vulnerabilities
  • Identify security gaps, evaluate and implement enhancements.
  • Ability to stay up to date with current vulnerabilities, attacks, and countermeasures and provide a detailed analysis of enterprise risks, compensating controls, and risk mitigation plans
  • Able to collaborate on problem management and root cause analysis discussions with fellow network engineers, security engineers, and analysts
  • Experience with the identification and implementation of counter-measures or mitigating controls for deployment and implementation in the enterprise network environment
  • A working knowledge of the various operating systems (e.g. Windows, OS X, Linux, etc.) commonly deployed in enterprise networks, a conceptual understanding of Windows Active Directory is also required, and a working knowledge of network communications and routing protocols (e.g. TCP, UDP, ICMP, BGP, MPLS, etc.) and common internet applications and standards (e.g. SMTP, DNS, DHCP, SQL, HTTP, HTTPS, etc.).

Desired Qualifications:

  • Bachelor’s Degree in Information Technology, Cyber Security, Computer Science, Computer Engineering, or Electrical Engineering
  • 1 years experience with conducting code reviews for vulnerabilities or development experience.
  • One or more certifications for VAT Analysts:  GPEN, GWAPT, GSNA, GMON, GISF, GAWN, GWEB, GXPN, CEH, GNFA, OSCP, OSEE, OSCE, OSWP, CISSP
  • Ability to develop an enterprise Red Team capability

Closing Statement:

XOR Security offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.

XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.


Job tags: Active Directory CEH CISSP DNS GPEN GXPN Linux OSCE OSCP OSEE Penetration Tester Penetration testing Qualys Red team Vulnerabilities Web application testing Windows