Penetration Tester - Mid
Job Description: Penetration Tester - Mid
XOR Security is currently seeking several talented Mid-Level Penetration Testers to support an Agency-level Advanced Cyber Analytics team. This program provides targeted threat monitoring and response capabilities requiring analysts to have advanced levels of experience in security event monitoring, incident response, malware analysis and reverse engineering, cyber intelligence, insider threat, penetration testing, and fusion analysis (skills in more than one cyber discipline are preferred). The position will respectively focus on Cyber Threat Emulation or advanced Penetration Testing. To support this vital mission, XOR staff are on the forefront of providing Advanced Analytics, Cyber Offense, and Systems Engineering support to include the development of advanced analytics and countermeasures to protect critical assets from hostile adversaries. To ensure the integrity, security, and resiliency of critical operations, we are seeking candidates with diverse backgrounds in vulnerability management, penetration testing, malware analysis, cyber security systems operations, analysis and incident response. Strong written and verbal communications skills are a must. The ideal candidate will have a solid understanding of cyber threats and information security in the domains of TTP’s, Threat Actors, Campaigns, and Observables. Additionally, the ideal candidate would be an expert in penetration testing and exploit development and familiar with intrusion detection systems, intrusion analysis, security information event management platforms, endpoint threat detection tools, big data analytics, and cyber defense operations.
Location: Woodlwan, MD
- A minimum of five years of experience with assessing APT threats, Penetration Testing, Vulnerability Management, attack methodologies, forensics analysis techniques, malware analysis, attack surface comprehension, Cyber Threat Emulation operations, Cyber Advanced Threat Emulation Team operations and research, identification, and verification of new APT TTPs.
- Experience with any three of the seven tools listed below:Kali Linux, Metasploit, Burp suite, Cobalt Strike, Tenable Nessus, Web Inspect, Scuba, Appdetective.
- A relevant degree or equivalent, and/or proven operational experience in penetration testing or cyber threat emulation.
- Knowledge and experience in Penetration Testing, SOC support, and coordination with security teams to strengthen the overall security posture in addition to developing mitigations, including signature development and working with incident management teams to better design and implement signatures and response policies and procedures.
- Able to generate threat intelligence indicators during the course of Threat Emulation operations and apply/fine tune them across the enterprise network.
- Research and remain up to date with emerging threats and Threat Emulation methodologies.
- Familiarity with mapping Cyber Key Terrain and generating priority target lists.
- Able to automate tasks and script at a basic level.
- Familiarity with NIST and FISMA compliance.
- Strong proficiency Report writing – a technical writing sample and technical editing test will be required if the candidate has no prior published intelligence analysis reporting
- Provide subject matter expertise support in the detection, analysis, and mitigation of malware, trends in malware development and capabilities, and proficiency with malware analysis capabilities
- Experience developing custom exploits and exploitation tools in support of authorized penetration tests or cyber threat emulation exercises.
- One or more certifications for Analysts: GCIA, GCED, GCFE, GCTI, GNFA, GCIH, CND, ECSA, OSCP, OSEE, OSCE, GCFA, GREM, CHFI, CEH, GPEN, GWAPT, GISF, GXPN
- Experience with analyzing deceptive technologies such as honeynets.
- Ability to work with a cyber network defense organization to improve an organization’s detection capabilities.
- Expertise in policies, industry trends, techniques related to penetration testing.
- Existing Subject Matter Expert of Advanced Persistent Threat or Emerging Threats
XOR Security offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.
XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.
Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements - US CITIZENSHIP REQUIRED.
More Information Security position highlights
- Explore open Information Security Architect Jobs
- Explore open SOC Analyst Jobs
- Explore open Threat Intelligence Response Analyst Jobs
- Explore open Senior Penetration Tester Jobs
- Explore open Staff Security Engineer Jobs
- Explore open Information Security Officer Jobs
- Explore open Vulnerability Analyst Jobs
- Explore open Software Security Engineer Jobs
- Explore open Threat Intelligence Analyst Jobs
- Explore open Infrastructure Security Engineer Jobs
- Explore open Computer Network Defense & Incident Response Analyst - Mid to Senior Level Jobs
- Explore open DevOps Security Engineer Jobs
- Explore open Senior Information Security Engineer Jobs
- Explore open Chief Information Security Officer Jobs
- Explore open IAM Engineer Jobs
- Explore open Computer Forensic Software Engineer Jobs
- Explore open Staff Engineer, Cloud Security Jobs
- Explore open Manager, Cybersecurity and Trust Jobs
- Explore open Sr. Software Engineer - Detection Engineering Jobs
- Explore open Cybersecurity Analyst Jobs
- Explore open Cybersecurity Engineer Jobs
- Explore open Personnel Security Officer Jobs
- Explore open Engineering Manager - Information Security, Bangalore Jobs
- Explore open Senior Information Security Analyst Jobs
- Explore open Cyber Threat Analyst Jobs
- Explore open Clearance-related jobs
- Explore open CEH-related jobs
- Explore open Audits-related jobs
- Explore open Open Source-related jobs
- Explore open Forensics-related jobs
- Explore open PCI-related jobs
- Explore open Risk management-related jobs
- Explore open IDS-related jobs
- Explore open NIST-related jobs
- Explore open Ruby-related jobs
- Explore open OSCP-related jobs
- Explore open Machine Learning-related jobs
- Explore open Splunk-related jobs
- Explore open AI-related jobs
- Explore open Google-related jobs
- Explore open IPS-related jobs
- Explore open Security assessments-related jobs
- Explore open Threat detection-related jobs
- Explore open Encryption-related jobs
- Explore open Unix-related jobs
- Explore open Docker-related jobs
- Explore open DNS-related jobs
- Explore open PowerShell-related jobs
- Explore open TCP/IP-related jobs