Penetration Tester

Vienna, Virginia

XOR Security logo
XOR Security
Apply now Apply later

Posted 1 month ago

The Company:

At XOR Security, we build solutions that keep our citizens safe, our customer’s information secure and our intelligence professionals one step ahead of the adversary. From defensive and offensive cyber operations to data analytics and strategic consulting, the XOR team provides the insight, expertise and dedication to ensure mission success. Our solutions deliver certainty – the certainty clients need to make critical decisions and lead with confidence.

XOR Security is currently seeking a talented Penetration Tester to support one of our premier commercial clients, a large financial institution. The ideal candidate will have a solid understanding of cyber threats and information security and has a passion for making the clients infrastructure more secure. Additionally, the ideal candidate would have familiarity with penetration testing and exploit development, and is familiar with cloud-based and external-facing application. 

Required Qualifications:

  • OSCP, CEH, GPEN or equivalent certification required
  • Minimum of 3 -5 years of experience with conducting Penetration Testing, Vulnerability Management, using MITRE ATT&CK framework and OWASP standard
  • Proficiency with cloud-based platforms (AWS, Azure) and related security infrastructure. 
  • Hands on experience with penetration testing and vulnerability scanning tools listed below: Kali Linux, Metasploit, Burp suite, Cobalt Strike, Rapid7 InsightVM, Tenable Nessus, Web Inspect, Scuba, and Appdetective
  • Strong proficiency Report writing – a technical writing sample and technical editing test will be required if the candidate has no prior published intelligence analysis reporting.
  • Experience with a programming language(s) such as Python, Ruby, Perl, Powershell JavaScript, C, C#, C++,, or etc,.
  • Expertise with all major Operating Systems and Web Services (Apache, IIS, WebLogic’s)
  • Good understanding of network protocols
  • Experience with Command Line Instruction (CLI), and scripting languages like Batch, Bash, and PowerShell languages
  • Able to work independently as needed
  • Familiarity with NIST and FISMA compliance
  • Bachelor’s Degree from an accredited college in Computer Science, Computer Engineering, Information Systems or equivalent experience

Desired Qualifications:

  • Experience with forensics analysis techniques, malware analysis, attack surface comprehension, Cyber Threat Emulation operations, Cyber Advanced Threat Emulation Team operations and research, identification, and verification of new APT TTPs.
  • Able to generate threat intelligence indicators during the course of Threat Emulation operations and apply/fine tune them across the enterprise network.
  • Research and remain up to date with emerging threats and Threat Emulation methodologies.
  • Ability to work with a cyber network defense organization to improve an organization’s detection capabilities.
  • Ability to research and apply knowledge of Advanced Persistent Threat or Emerging Threats.
  • Master’s Degree from an accredited college in Computer Science, Computer Engineering, Information Systems or equivalent experience

Job Duties:

  • Carry out application, network, systems and infrastructure penetration tests using MITRE ATT&CK framework and OWASP standard
  • Produce detailed Penetration findings report with remediation recommendations
  • Conduct periodic vulnerability scans and produce reports
  • Write scripts to collect external facing hosts in cloud environment
  • Review physical security and perform social engineering tests where appropriate
  • Evaluate and select from a range of penetration testing tools
  • Make suggestions for security improvements

Closing Statement:

XOR Security offers a very competitive benefits package including health insurance coverage from first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.

XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.

Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements – US CITIZENSHIP 


Job tags: Analytics ASP.NET AWS Azure Burp Suite C CEH Clearance Cobalt Strike FISMA Forensics GPEN JavaScript Kali Linux Malware Metasploit NIST OSCP Penetration Tester Penetration testing Perl Python Ruby Threat intelligence TTPs Vulnerability management