Penetration Tester - Mid
Job Description: Penetration Tester - Mid
XOR Security is currently seeking several talented Mid-Level Penetration Testers to support an Agency-level Advanced Cyber Analytics team. This program provides targeted threat monitoring and response capabilities requiring analysts to have advanced levels of experience in security event monitoring, incident response, malware analysis and reverse engineering, cyber intelligence, insider threat, penetration testing, and fusion analysis (skills in more than one cyber discipline are preferred). The position will respectively focus on Cyber Threat Emulation or advanced Penetration Testing. To support this vital mission, XOR staff are on the forefront of providing Advanced Analytics, Cyber Offense, and Systems Engineering support to include the development of advanced analytics and countermeasures to protect critical assets from hostile adversaries. To ensure the integrity, security, and resiliency of critical operations, we are seeking candidates with diverse backgrounds in vulnerability management, penetration testing, malware analysis, cyber security systems operations, analysis and incident response. Strong written and verbal communications skills are a must. The ideal candidate will have a solid understanding of cyber threats and information security in the domains of TTP’s, Threat Actors, Campaigns, and Observables. Additionally, the ideal candidate would be an expert in penetration testing and exploit development and familiar with intrusion detection systems, intrusion analysis, security information event management platforms, endpoint threat detection tools, big data analytics, and cyber defense operations.
Location: Woodlwan, MD
- A minimum of five years of experience with assessing APT threats, Penetration Testing, Vulnerability Management, attack methodologies, forensics analysis techniques, malware analysis, attack surface comprehension, Cyber Threat Emulation operations, Cyber Advanced Threat Emulation Team operations and research, identification, and verification of new APT TTPs.
- Experience with any three of the seven tools listed below:Kali Linux, Metasploit, Burp suite, Cobalt Strike, Tenable Nessus, Web Inspect, Scuba, Appdetective.
- A relevant degree or equivalent, and/or proven operational experience in penetration testing or cyber threat emulation.
- Knowledge and experience in Penetration Testing, SOC support, and coordination with security teams to strengthen the overall security posture in addition to developing mitigations, including signature development and working with incident management teams to better design and implement signatures and response policies and procedures.
- Able to generate threat intelligence indicators during the course of Threat Emulation operations and apply/fine tune them across the enterprise network.
- Research and remain up to date with emerging threats and Threat Emulation methodologies.
- Familiarity with mapping Cyber Key Terrain and generating priority target lists.
- Able to automate tasks and script at a basic level.
- Familiarity with NIST and FISMA compliance.
- Strong proficiency Report writing – a technical writing sample and technical editing test will be required if the candidate has no prior published intelligence analysis reporting
- Provide subject matter expertise support in the detection, analysis, and mitigation of malware, trends in malware development and capabilities, and proficiency with malware analysis capabilities
- Experience developing custom exploits and exploitation tools in support of authorized penetration tests or cyber threat emulation exercises.
- One or more certifications for Analysts: GCIA, GCED, GCFE, GCTI, GNFA, GCIH, CND, ECSA, OSCP, OSEE, OSCE, GCFA, GREM, CHFI, CEH, GPEN, GWAPT, GISF, GXPN
- Experience with analyzing deceptive technologies such as honeynets.
- Ability to work with a cyber network defense organization to improve an organization’s detection capabilities.
- Expertise in policies, industry trends, techniques related to penetration testing.
- Existing Subject Matter Expert of Advanced Persistent Threat or Emerging Threats
XOR Security offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.
XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.
Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements - US CITIZENSHIP REQUIRED.
Explore more Information Security career opportunities
- Open Cyber Security Engineer Jobs
- Open Network Security Engineer Jobs
- Open Threat Intelligence Response Analyst Jobs
- Open Senior Penetration Tester Jobs
- Open Staff Security Engineer Jobs
- Open Threat Intelligence Analyst Jobs
- Open Vulnerability Analyst Jobs
- Open Senior Infrastructure Security Engineer Jobs
- Open Information Security Officer Jobs
- Open DevOps Security Engineer Jobs
- Open Cybersecurity Analyst Jobs
- Open Chief Information Security Officer Jobs
- Open Software Security Engineer Jobs
- Open Infrastructure Security Engineer Jobs
- Open Computer Forensic Software Engineer Jobs
- Open Lead Security Engineer Jobs
- Open Staff Engineer, Cloud Security Jobs
- Open Personnel Security Officer Jobs
- Open IT Security Engineer Jobs
- Open Senior Information Security Engineer Jobs
- Open Senior Information Security Analyst Jobs
- Open IAM Engineer Jobs
- Open Sr. Software Engineer - Detection Engineering Jobs
- Open Manager, Cybersecurity and Trust Jobs
- Open Principal Security Engineer Jobs
- Open Audits-related jobs
- Open CEH-related jobs
- Open Clearance-related jobs
- Open Open Source-related jobs
- Open PCI-related jobs
- Open Risk management-related jobs
- Open NIST-related jobs
- Open Forensics-related jobs
- Open IDS-related jobs
- Open Google-related jobs
- Open Machine Learning-related jobs
- Open OSCP-related jobs
- Open Splunk-related jobs
- Open Ruby-related jobs
- Open AI-related jobs
- Open IPS-related jobs
- Open Security assessments-related jobs
- Open Threat detection-related jobs
- Open Docker-related jobs
- Open Encryption-related jobs
- Open Unix-related jobs
- Open DNS-related jobs
- Open TCP/IP-related jobs
- Open HIPAA-related jobs