Penetration Tester - Junior
At XOR Security, we build solutions that keep our citizens safe, our customers’ information secure and our intelligence professionals one step ahead of the adversary. From defensive and offensive cyber operations to data analytics and strategic consulting, the XOR team provides the insight, expertise and dedication to ensure mission success. Our solutions deliver certainty – the certainty clients need to make critical decisions and lead with confidence.
XOR Security is currently seeking a talented Penetration Tester - Junior to support one of our premier commercial clients, a large financial institution. The ideal candidate will have a solid understanding of cyber threats and information security and a passion for making the client’s infrastructure more secure. Additionally, the ideal candidate would have familiarity with penetration testing and exploit development, and with cloud-based and external-facing applications.
- OSCP, CEH, GPEN or equivalent certification required
- Minimum of 3-5 years of experience conducting Penetration Testing and Vulnerability Management using the MITRE ATT&CK framework and OWASP standard
- Proficiency with cloud-based platforms (AWS, Azure) and related security infrastructure.
- Hands-on experience with the following penetration testing and vulnerability scanning tools: Kali Linux, Metasploit, Burp Suite, Cobalt Strike, Rapid7 InsightVM, Tenable Nessus, WebInspect, Scuba, and AppDetective
- Strong proficiency in report writing – a technical writing sample and technical editing test will be required if the candidate has no prior published intelligence analysis reporting.
- Expertise with all major Operating Systems and Web Services (Apache, IIS, WebLogic)
- Good understanding of network protocols
- Experience with the Command Line Interface (CLI) and scripting languages like Batch, Bash, and PowerShell
- Able to work independently as needed
- Familiarity with NIST and FISMA compliance
- Bachelor’s Degree from an accredited college in Computer Science, Computer Engineering, Information Systems or equivalent experience
- Experience with forensics analysis techniques, malware analysis, attack surface comprehension, Cyber Threat Emulation operations, Cyber Advanced Threat Emulation Team operations and research, identification, and verification of new APT TTPs.
- Able to generate threat intelligence indicators during the course of Threat Emulation operations and apply/fine-tune them across the enterprise network.
- Research and remain up to date with emerging threats and Threat Emulation methodologies.
- Ability to work with a cyber network defense organization to improve an organization’s detection capabilities.
- Ability to research and apply knowledge of Advanced Persistent Threat or Emerging Threats.
- Master’s Degree from an accredited college in Computer Science, Computer Engineering, Information Systems or equivalent experience
- Carry out application, network, systems and infrastructure penetration tests using the MITRE ATT&CK framework and OWASP standard
- Produce a detailed penetration findings report with remediation recommendations
- Conduct periodic vulnerability scans and produce reports
- Write scripts to collect external-facing hosts in cloud environments
- Review physical security and perform social engineering tests where appropriate
- Evaluate and select from a range of penetration testing tools
- Make suggestions for security improvements
XOR Security offers a very competitive benefits package including health insurance coverage from first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.
XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.
Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements – US CITIZENSHIP