Senior Penetration Tester

Responsibilities

  • Conducts research & penetration testing on external facing resources as well as internal assets to determine risks
  • Oversee vulnerability research and exploit development activities.
  • Execute simulated attacks within virtual and production environments
  • Conduct research on penetration testing automation
  • Focal point for threat intelligence gathering and counter-surveillance activities
  • Stays on top of the “vulnerability landscape” and prepare counter-measures
  • Develop scripts, tools, or methodologies to uncover active risks in advance of the public.
  • Attack simulation and analysis
  • Recognize and safely utilize attacker tools, tactics, and procedures
  • Author comprehensive and accurate reports and presentations for both technical and executive audiences
  • Effectively communicate & reproduce findings to stakeholders at all levels across the organization
  • Provide subject matter enterprise to stakeholders to reproduce findings/reverse engineer exploits/attacks
  • Provide detection guidance to other team members in a timely manner
  • Train other team members in penetration testing methodologies
  • Actively participate in Red Team engagements including Social Engineering and Internal network lateral movement.

Desired Skills and Experience

  • Experience in:
    • Web, mobile and/or service-based application vulnerability assessments
    • Network penetration testing of enterprise network infrastructure
    • Developing applications in Python and / or C/C++
    • Developing, extending, or modifying exploits, shellcode or exploit tools
    • Source code review for control flow and security flaws
  • Proficient in one or more operating systems (Unix/Linux/Mac/Windows)
  • Strong knowledge of network protocols, data on the wire, and covert channels
  • Knowledge of web application exploitation methodologies Familiar with fundamentals of software exploitation on multiple operating systems
  • Ability to independently research new vulnerabilities in software products
  • Admirable communication skills (verbal and written) are required
  • Excellent written skills, articulating highly technical topics to a wide range of audiences
  • Vulnerability exploitation, payload creation and exploit development
  • Proficient with Bash, Python, and has a basic understanding of
    programming in Windows environments
  • In depth knowledge of the OWASP top 10 in terms of risk and
    exploitation methods.
  • In depth familiarity with the Metasploit framework, and post
    exploitation methods to migrate laterally within organizations.
  • Capable of taking the lead role on application, network, wireless, mobile,
    and social engineering engagements including kick off meetings, testing,
    and documentation
  • Familiarity with Kali Linux, and the operation of the tools it is
    packaged with (Ettercap, Nmap, John the Ripper, Fierce, ike-scan,
    Mimikatz, Responder, Metasploit, SMBMap, etc.)

Education

  • Bachelor’s degree in a technical field or equivalent experience
  • Master’s Degree in Cyber Security, Computer Science, or Technology related fields a plus but not required
  • Preferred certifications:
    • OSCP (Offensive Security Certified Professional),
    • OSCE (Offensive Security Certified Expert)
    • GWAPT (GIAC Web Application Penetration Tester)
    • GPEN (GIAC Penetration Tester)
    • GXPN (GIAC Exploit Researcher and Advanced Penetration)

Apply Today!

Frontend/Fullstack Engineer

Description

Nopsec Inc. is looking for a mid-level/senior frontend or fullstack engineer with strong FE experience to join our team, and build the UVRM platform that enables security professionals excel on their vulnerability management practice. The candidate’s primary responsibilities include:

  • Build new product features on top of existing React + Redux architecture
    • Work closely with our UI/UX mastermind to design and implement front end features
  • Own the front end architecture
    • Learn the good concepts from current architecture and improve on parts that can be done better
    • Take new ideas/initiatives/features introduced into React ecosystem into the project
    • Work closely with our internal security experts to secure the application
  • Learn, have some fun working with a group of dedicated engineers, and do some good.

Besides these primary responsibilities, we are flexible whether the candidate wants to focus 100% on front end or open to learn some Python 3 and work as a fullstack engineer.

Requirements

  • 2+ years of professional React.js experience
  • 3+ years of Javascript ES6
  • Experience dealing with enterprise data would be a good plus
  • Want to work with people with integrity
  • Must be a team player
  • Willing to dive into problems without clear solutions, and solve it (and feel good solving it)
  • Willing and eager to learn
  • Willing to work for a startup and know you have to wear multiple hats at times to help the team win
  • Curious about cybersecurity (prior knowledge is absolutely not required)
  • Not afraid of white hat
  • Not a hater for our tech stack:
    • Python 3 and Django
    • React, Redux, Javascript ES6
    • Postgresql, Elasticsearch
    • AWS

 

Apply Today!