Penetration Tester

Remote
Commercial – Commercial All Departments /
Full-Time /
Remote
Apply for this job
UltraViolet Cyber (UV Cyber) is seeking an experienced Penetration Tester with a background in Web Applications, Network, and Cloud Security. This individual will play a key role in conducting penetration tests as one of the core capabilities of UltraViolet Cyber and our customers.

The penetration tester will execute simulated attacks against client information technology systems to demonstrate susceptibility to such attacks by an adversary, similar to how an advanced persistent threat (APT) would attempt to breach into an organizations' information systems. Qualified candidates must be able to assess target systems, identify vulnerabilities, safely exploit those vulnerabilities, and effectively communicate the risk to the client.

US Citizenship required, and candidates must be willing to be submitted for a US Government background investigation.

No third-party candidates will be considered

Familiarity with Security Content Automation Protocols (SCAP), Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSS), Common Weakness Enumeration (CWE), or Common Platform Enumeration (CPE)

Understanding US Government Configuration Baseline (USGCB), Security Technical Implementation Guides (STIGs), NSA Guides, National Checklist Program (NCP) or Common Secure configurations

Responsibilities

    • Conduct web application, Application Programming Interface (API), network, and cloud penetration tests.
    • Use common penetration testing and red-team tools, tactics, techniques, and procedures.
    • Analyze Proof of Concept (PoC) exploits to understand the underlying vulnerability and tailor the PoC to be safely used in target space.
    • Automate Red Teaming and Penetration Testing techniques, to efficiently scale offensive operations, using common scripting and programing languages (e.g. Golang, Python, JavaScript, Bash, PowerShell, etc.).
    • Conduct security assessments of cloud environments and application source code review.
    • Conduct penetration tests in accordance with standard methodologies (i.e. OWASP, NIST, PTES).
    • Utilize custom penetration testing tools, frameworks, and infrastructure.
    • Assess risk of discovered vulnerabilities based on likelihood and severity of exploitation.
    • Document and deliver technical reports on detailed findings and vulnerability remediation recommendations.
    • Collaborate with clients throughout an assessment on status and vulnerability information.
    • Evolve our capabilities and toolset

Penetration Testing in three (3) or more of the following:

    • Web Applications
    • External Networks
    • Internal Networks
    • Active Directory
    • Cloud Environments (e.g. AWS, Azure, GCP)

Tools / Services:

    • NMAP
    • BurpSuite
    • CrackMapExec
    • BloodHound
    • Ansible
    • Terraform
    • Git
    • AWS

Minimum Requirements

    • Bachelor’s Degree in Cybersecurity or related field preferred
    • At least 2 years of experience related to conducting penetration tests or red-team assessments .
    • Offensive Security Certified Professional (OSCP) preferred but not required: OSCP experience and knowledge is highly preferred.
Apply for this job
Jobs powered by Lever logo