Senior OT Penetration Tester- Remote (Anywhere in the U.S.)

GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions and minimize risk. By taking a three-tiered, holistic approach for evaluating security posture and ecosystems, GuidePoint enables some of the nation’s top organizations, such as Fortune 500 companies and U.S. government agencies, to identify threats, optimize resources and integrate best-fit solutions that mitigate risk.

Summary

GuidePoint Security’s Threat & Attack Simulation Practice provides attack-oriented professional services, Red Teaming, Purple Teaming, Industrial Control System (ICS) centric Penetration Testing, Physical Penetration Testing, (I)IOT assessments, Social Engineering, and various ad hoc custom assessments to address unique information security and operational/safety concerns for clients.

As a Senior OT Penetration Tester, you will be a technically adept and reliable team member who leverages their knowledge, skills, and experience to deliver exceptional results to OT/ICS clients on the team’s penetration testing service offerings and who will assist with shaping the future of this aspect of the practice within GuidePoint Security. Your primary responsibilities revolve around performing challenging and complex assessments, knowledge sharing to “level up” team members, contributing to the practice's growth and improvement in OT/ICS offerings, and assisting with pre-sales activities for these types of assessments.

Senior OT Penetration Testers are encouraged to interact with the Threat & Attack Simulation Leadership Team and contribute to the Practice's future success in OT assessments. GuidePoint Security’s Threat & Attack Simulation service offerings are perpetually evolving in response to emerging threats and diverse client needs. Your creativity and expertise will assist the Practice by adapting to this rapidly changing environment and helping to identify opportunities for new OT offerings for the team to grow into.

Role Responsibilities

Technical:

• Assess network security posture of enterprise-level infrastructure by utilizing industry-standard approaches for conducting vulnerability assessments and penetration testing
• Possess in-depth knowledge of formal assessment methodologies, as well as when to use intuition to creatively deviate from established processes
• Identify common vulnerabilities through the use of automated tools and practical analysis
• Identify obscure vulnerabilities by leveraging your expertise through manual analysis
• Perform safe and reliable exploitation (to the extent possible) for exploitable vulnerabilities
• Understand network, operating system, and application-based detective and preventative controls and evade and/or circumvent such controls effectively. o
• Quickly and efficiently perform post-exploitation activities to fully demonstrate the impact of compromise
• Familiarity with commercial tools, such as Nessus, BurpSuite Pro, intelx.io, Shellter, Cobalt Strike, and Breach and Attack Simulation tools
• Mastery of common open-source tools, such as Nmap, tcpdump/Wireshark, Metasploit, and the Kali Linux Suite (or equivalent)
• Proficient with scripting languages, such as Python, Bash, PowerShell, Go, etc.
• Proven ability to write code to solve problems and automate tedious and time-consuming tasks during assessments
• Exploit development and reverse engineering experience is strongly preferred
• Assess wireless infrastructures and clients that utilize technologies including 802.11, Zigbee, RFID, and Bluetooth
• Proficiency with web application attacks (e.g., OWASP Top 10) is strongly preferred
• Understanding of modern cloud architectures and common cloud service provider services and offerings
• Excels at both remote (phishing and vishing) and onsite/in-person social engineering attacks, with a focus on obtaining sensitive information, physical access, and/or logical access
• Physical security skills are strongly preferred, including lock picking, evasion of defensive controls, obtaining unauthorized access, and collecting sensitive information.
• Possess a solid understanding of TCP/IP, networking technologies, firewall concepts, and network segmentation
• Possess a solid understanding of operating systems, such as Microsoft, Linux, and various Unix variants, as well as supporting technologies, such as Active Directory and LDAP
• Possess a solid understanding of databases, including vendor-specific technologies, such as MS SQL Server, Oracle, MySQL, and PostgreSQL
• Experience assessing hardware/IoT devices, including firmware analysis is not required but would be a significant advantage
• Desire to initiate and conduct research projects
• Familiarity with automation tools such as Ansible 

Business/Professional:

• Ability to think outside the box when presented with complex problems
• Contributions to the information security community are strongly preferred, such as conference speaking, blog articles/white papers, and/or podcasts
• Prizes continuous improvement and desires to aid with practice development as much as personal growth
• Possess a desire to mentor other team members and have a passion for sharing knowledge
• Ability to professionally interact with clients and maintain composure while resolving difficult situations
• Self-motivated and able to work independently, as well as being a reliable addition to team projects
• Ability to effectively multitask and efficiently manage time when simultaneously working on multiple projects during peak busy times
• Highly reliable and able to complete complex projects without significant oversight or supervision
• Possess a firm understanding of the concept of risk as it relates to a business
• Strong verbal communication skills include clearly articulating thoughts, being persuasive, and delivering presentations and training to technical audiences and all management levels
• Excellent written communication skills for preparing formal deliverables, performing quality assurance reviews, and technical oversight for peers, proposals, training content, and white papers/blog articles
• Comfortable interacting with executive management and conveying technical findings in an appropriate business context 

OT Tools and Skills:   Familiarity with all of these technologies isn’t required, but the more the better

• Network health and security monitoring: Bro/Zeek, Nagios, Cacti, SolarWinds, Security Onion
• SIEM: Splunk, LogRythm, AlienVault, ELK
• Firewalls: Cisco ASA, Palo Alto, PfSense/Netgate, Cisco Firepower
• Network Authentication: Cisco ISE, NAP/NAC, AAA, Radius, TACACS+, Active Directory
• IDS/IPS: Forescout SilentDefense/CounterAct, Claroty, Suricata, Snort/SourceFire, Nozomi, Armis, CyberX, Dragos
• VPN technologies: IPsec, OpenVPN
• Penetration testing: Kali Linux, Metasploit, Nessus, Qualys, Burp Suite, Nmap
• Threat Intelligence, Threat modeling, Threat Hunting, Exploit Research and Development
• Python, C#, C, C++, Visual Basic, .Net, Perl, SSRS (2005, 2008, 2012), SQL, Assembly, HTML, PowerShell
• LAN, WAN, Ethernet, Internet, DNP3, Profinet, Profibus, EtherNet/IP, DeviceNet, CIP, ControlNet, Remote IO, Modbus, VLAN, Wireless, Cisco, HP, Firewalls, Network monitoring, SIEM, Client-Server environments, MS Domain services, WSUS
• Microsoft Windows (98, NT, 2000, XP, 7,8.1, 10), Microsoft Server (2003, 2008, 2008 R2, 2012, 2012 R2, 2016, 2019), Linux/Unix
• VMware workstation, vSphere Server, vCenter, Hyper-V
• Rockwell: PLC5/SLC500/Logix5000/RsView/RsSQL/Factory Talk Transaction Manager, Metrics, Historian, Pi 2 Pi, Asset Center, ViewSE, ViewME
• Siemens: S5/S7/ProTool Pro
• Willingness and capability to deliver standard IT internal and external penetration tests in peak busy times

Education, Credentials, and Experience

• 5+ years of experience performing offensive, red team style assessments in ICS/OT environments
• 2+ years of experience in an enterprise-level consulting role
• Hands-on training objectives such as OSCP, OSEP, and platforms like HacktheBox, TryHackMe, etc.
• Other relevant industry certifications such as GRID, GPEN, GCIH, GICSP, CISM, CFSE, CFSP, CISSP, etc. are a plus
• Internal, technical operational experience in industries such as manufacturing, energy, water, and oil and gas is strongly preferred
• InfoSec community involvement, such as conference speaking, blog/whitepaper authoring, and podcast speaking/producing experience is a plus
• Self-motivated learning through self-build security labs, and participating in learning platforms like Udemy, INE, and PluralSight are a plus
• Strong self-motivation to keep up with current tactics, techniques, and procedures (TTP)
• Understanding of PLC and DCS architectures and control system communication protocols

Why GuidePoint?

GuidePoint Security is a rapidly growing, profitable, privately-held value added reseller that focuses exclusively on Information Security. Since its inception in 2011, GuidePoint has grown to over 700 employees, established strategic partnerships with leading security vendors, and serves as a trusted advisor to more than 3,000 Enterprise-Level customers.

Firmly-defined core values drive all aspects of the business, which have been paramount to the company’s success and establishment of an enjoyable workplace atmosphere. At GuidePoint, your colleagues are knowledgeable, skilled, and experienced and will seek to collaborate and provide mentorship and guidance at every opportunity.  

This is a unique and rare opportunity to grow your career along with one of the fastest growing companies in the nation.

Some added perks….

• Remote workforce primarily (U.S. based only, some travel may be required for certain positions, working on-site may be required for Federal positions)
• 100% employer-paid medical and dental premiums with generous employer family contributions
• 11 corporate holidays in 2022 (12 in 2023) and a Flexible Time Off (FTO) program
• Healthy mobile phone and home internet allowance
• Eligibility for retirement plan after 2 months at open enrollment
• Pet Care plan