Penetration Tester

Arlington, Virginia

XOR Security is looking for a Penetration Tester to perform the following duties:

Required qualifications:

  • Someone who has an exploit development background who can discover new vulnerabilities.
  • Such an individual would be fluent in exploit frameworks such as Metasploit, Canvas, Core Impact or Cobalt Strike. Have experience with debuggers such as IDA Pro, WinDBG, GDB and typically has multiple years history performing penetration tests. Will typically have exposure to multiple programming languages and able to seamlessly transition between them. OSCP certification or similar is desirable.
  • Minimum Associates Degree
  • Strong analytical and technical skills in computer network defense operations, ability to lead efforts in Incident Handling (Detection, Analysis, Triage), Hunting (anomalous pattern detection and content management) and Malware Analysis.
  • Ability to identify assets on an agreed upon IP address space or network range(s) using a network mapping tool.
  • Identify IT vulnerabilities using a vulnerability scanning tool and develop a Vulnerability Scanning Risk Assessment document that includes an executive summary, risk assessment reports, and/or dashboards.
  • Prior experience and ability to with analyzing information technology security events to discern events that qualify as legitimate security incidents as opposed to non-incidents. This includes security event triage, incident investigation, implementing countermeasures, and conducting incident response.
  • Ability to develop rules, filters, views, signatures, countermeasures and operationally relevant applications and scripts to support analysis and detection efforts.
  • Strong proficiency Report writing – a technical writing sample and technical editing test will be required if the candidate has no prior published intelligence analysis reporting, excellent verbal and written communications skills and ability produce clear and thorough security incident reports and briefings.
  • A working knowledge of the various operating systems and platforms (e.g., Windows, OS X, Linux, Solaris, RHEL, SunOS, IBM z/OS Mainframe etc.) commonly deployed in enterprise networks, a conceptual understanding of Windows Active Directory is also required, and a working knowledge of network communications and routing protocols (e.g. TCP, UDP, ICMP, BGP, MPLS, etc.) and common internet applications and standards (e.g. SMTP, DNS, DHCP, SQL, HTTP, HTTPS, etc.).
  • Experience with the identification and implementation of counter-measures or mitigating controls for deployment and implementation in the enterprise network environment.

Desired qualifications

  • Experience with Qualys (or other enterprise vulnerability and compliance tools), data analytic platforms (Splunk, Palantir), and mainframe security tools (Vanguard, z/OS)
  • Candidates with active IRS Moderate-Risk Background Investigation (MBI) clearances are strongly desired
  • Bachelor’s Degree in Information Technology, Cyber Security, Computer Science, Computer Engineering, or Electrical Engineering
  • One or more of the following certifications:  GCIA, GCED, GCFA, GCFE, GCTI, GNFA, GCIH, ECSA, CHFI, Security+, Network+, CEH.
  • An understanding in researching Emerging Threats and recommending monitoring content within security tools.
  • Familiar with DHS CISA’s High Value Asset (HVA) Risk and Vulnerability Analysis (RVA) process
  • Experience with performing assessments on High Value Assets (HVAs)
  • Experience with one or more of the following technologies and specific tools: Splunk (including Core, Phantom and ES), Vanguard, Qualys, z/OS, Palantir

Closing Statement:

XOR Security offers a very competitive benefits package including health insurance coverage from first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.

XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.

Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements – US CITIZENSHIP REQUIRED.

 

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Tags: Active Directory CEH CHFI CISA Clearance Cobalt Strike Compliance Computer Science Core Impact DNS ECSA Exploit GCED GCFA GCFE GCIA GCIH GCTI GNFA Incident response Linux Mainframe Malware Metasploit Monitoring OSCP Qualys Risk assessment Risk Assessment Report SMTP Solaris Splunk SQL Vulnerabilities WinDbg Windows

Perks/benefits: 401(k) matching Health care Team events

Region: North America
Country: United States
Job stats:  28  1  0
Category: PenTesting Jobs

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.