Most recent job postings at pentest tools
via The Muse
posted_at: 19 hours ago
schedule_type: Full-time
DESCRIPTION
This role is open to alternative locations including: Seattle, WA - Herndon, VA Arlington, VA Austin, TX...
Do you enjoy breaking software and services? Do you strive to understand systems, software, and services deeply in order to break them? Do you find yourself automating away your work every chance you get? If so, we'd love you to join us.
The Security penetration testing team is looking to hire a Penetration Testing Engineer to join its ranks. Our team is responsible for manual assessment of all products, services and software released by Amazon. We specialize in diving deep to find security issues that static analysis tools can't, and we write tooling to help with these goals. The threat surface area is large and diverse, and we use results found in manual analysis to help improve our enterprise-wide automation to proactively spot and fix potential security issues to protect customers.
This is a hands-on technical role that includes mentoring, guiding, and support of junior engineers. In addition to developing better engineers, this role will help make changes to the way we work, advising on process and procedure to make the team better. That could be by developing tools, advising management, owning programs, or something else entirely. We want smart, creative engineers who want to contribute to the entire team.
On this team you will be reading and manually reviewing source code in Java, Ruby, Python, JavaScript, Rust, C, and other languages to look for security bugs. We don't expect you to be an expert at those languages, but we do want you to be curious and able to learn new things quickly.
On this team you'll be writing proof of concept software to demonstrate impact of an issue. This is not a software development engineering position, nor is it a traditional red team position. You won't be phishing people or writing enterprise-grade software, but we do hope you can script your way out of a problem.
If you're passionate about finding security bugs, writing tools to reduce manual testing, developing others, impacting management, and enjoy seeing your work's impact across the internet, then we'd like you to help us solve some interesting and complex problems.
Key job responsibilities
You are a leader in our team. You guide less senior engineers during pentest engagements. You advise leadership. You lead engagements, identify scope items, and build test plans. When possible, you champion automation.
Responsibilities:
• Execute manual penetration testing and source code review engagements against a variety of web services and software
• Develop other engineers
• Advise management
• Write automation to help scale security testing at Amazon
• Provide actionable long-term risk mitigation guidance
• Provide clear communication on the issue to developers, suggest and help to test the fix
• Partner with Amazon developers to drive improvement in application security as a result of security review engagements
A day in the life
Your internal stakeholders are your fellow security engineers, our builder teams, and our AppSec partners.
About the team
Inclusive Team Culture
Here at AWS, we embrace our differences. We are committed to furthering our culture of inclusion. We have ten employee-led affinity groups, reaching 40,000 employees in over 190 chapters globally. We have innovative benefit offerings, and host annual and ongoing learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon (gender diversity) conferences. Amazon's culture of inclusion is reinforced within our 16 Leadership Principles, which remind team members to seek diverse perspectives, learn and be curious, and earn trust.
Work/Life Balance
Our team puts a high value on work-life balance. It isn't about how many hours you spend at home or at work; it's about the flow you establish that brings energy to both parts of your life. We believe striking the right balance between your personal and professional life is critical to life-long happiness and fulfillment. We offer flexibility in working hours and encourage you to find your own balance between your work and personal lives.
Mentorship & Career Growth
Our team is dedicated to supporting new members. We have a broad mix of experience levels and tenures, and we're building an environment that celebrates knowledge sharing and mentorship. We care about your career growth and strive to assign projects based on what will help each team member develop into a better-rounded professional and enable them to take on more complex tasks in the future.
BASIC QUALIFICATIONS
• A Bachelor's degree in Computer Science, Cybersecurity, or other related fields, from an accredited university. Equivalent professional experience can be used in lieu of a degree.
• Minimum of 5 years of experience in professional penetration testing, source code auditing, bug hunting, or CTF experience.
• Minimum of 5 years of experience in scripting in Python or other equivalent interpreted programming languages
• Minimum of 5 years of professional experience with security engineering practices such as in web application security, network security, authN/authZ protocols, cryptography, automation, and other software security.
PREFERRED QUALIFICATIONS
• Experience with AWS technologies and services (e.g. S3, Lambda, EC2, KMS, IAM, etc.)
• Experience with penetration testing, red teams, CTF (Capture The Flag), or bug bounties
• Experience with penetration testing tools
• Experience with source code auditing
• Experience with multiple programming languages
• Meets/exceeds Amazon's leadership principles requirements for this role
• Meets/exceeds Amazon's functional/technical depth and complexity for this role
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us
via Clearance Jobs
posted_at: 5 days ago
schedule_type: Full-time
Vista Program - Cyber Security/Pentester
Chantilly, VA
• Clearance: Active TS/SCI w/ Polygraph needed to apply ...
Company Overview:
Cornerstone Defense, in partnership with our military, intelligence, and civil government customers, supports U.S. operations worldwide through the use of many different types of intelligence, satellite, and cyber technologies. Cornerstone's Intelligence Sector provides solutions to the United States Government for information collection, operations, exploitation and dissemination, and research activities. Our Team specializes in software development, cloud architecture, systems and network engineering, systems integration, agile management, as well as targeting operations and intelligence analysis. Our support to our mission customers includes cyber network operations, exploitation and defense, signals intelligence, human intelligence, and critical missions and networks.
Responsibilities:
Seeking a penetration tester for an Intelligence Community (IC) customer mission system. The successful candidate will perform vulnerability assessments and penetration testing following the customer's prescribed scope statement with authorities derived from the customer's Enterprise cyber security organization. The ideal candidate must display familiarity with Windows and Linux Mobile operating systems and be able to conduct network and security vulnerability analysis. Specifically, the candidate will analyze mission systems to help assess vulnerability to compromise from adversaries. The successful candidate must have prior experience with scope defined penetration testing using mainly open source tools.
• Penetrate desktops, servers, applications, operating systems, and security systems to gain root/admin access
• Provide black-box penetration testing utilizing tools and techniques to conduct cybersecurity evaluations for highly specialized network communication systems
• Modify open source exploits to bypass/evade antivirus, firewalls, hardened systems, and IDS/IPS systems
• Modify computer/system/network attacks, exploits, and Metasploit modules to create variations that evade detection
• Perform reconnaissance, privilege escalation, persistence, lateral movement, and payload generation for multiple targets
• Hide digital artifacts and communications to evade antivirus, firewalls, IDS/IPS systems, Wireshark, and tcpdump
• Work independently to analyze, research, and solve technical problems
• Leverage existing business processes and document new repeatable business processes and procedures where necessary
• Research external information on cybersecurity events, incidents, threats, and technical vulnerabilities
Qualifications
• Bachelor's degree (or equivalent) in Cybersecurity, Information Security, IT, EE, Network Engineering, Computer Science, or related field
• Demonstrated 6 years' experience in three or more specific areas to include: analysis, network engineering, networking security, penetration testing, red teaming, hardware engineering, software reverse engineering, and computer exploitation.
• Experience with Kali Linux and Metasploit tools
• Experience with programming/scripting: Python, PowerShell, Ruby, C, JavaScript, etc.
• Strong written and verbal communication skills, including ability to explain complex technical topics to non-technical audiences
Desired:
• MS degree in Computer Science, Engineering, Computer Forensics, Network Security, or equivalent technical experience
• 4 years of exploit development, computer/network security, or network traffic analysis using analytical tools
• Expert knowledge of networking components/devices and various OS/applications in Linux and Windows environments
• At least one of the following certifications: CISSP, OSCP, CEH, CEPT, GPEN, EnCE, GASF, GSFE, or BLCE
via Leidos Careers
posted_at: 5 days ago
schedule_type: Full-time
Description
Looking for an opportunity to make an impact...
Unleash your potential at Leidos, where we deliver innovative solutions through the efforts of our diverse and talented people who are dedicated to our customer’s success. We empower our teams, contribute to our communities, and operate sustainably. Everything we do is built on a commitment to do the right thing for our customers, our people, and our community. Our Mission, Vision, and Values guide the way we do business.
If this sounds like an environment where you can thrive, keep reading!
Are you passionate about cybersecurity and eager to make an impact on national security? The Department of Homeland Security (DHS), Customs and Border Protection (CBP) Security Operations Center (SOC) is in need of a skilled Mobile Penetration Tester to join their team. As part of the US Government program responsible for safeguarding CBP networks from cyber threats, you'll play a crucial role in preventing, identifying, containing, and eradicating security breaches. With a focus on monitoring, intrusion detection, and protective security services for a range of information systems, including LAN/WAN, commercial internet connections, wireless, mobile/cellular, cloud, security devices, servers, and workstations, the CBP SOC provides an exciting and challenging work environment. In this role, you'll serve as the cloud pentesting SME, ensuring that CBP's systems remain secure. If you're ready to take on this critical and rewarding role, apply now to join the CBP SOC team!
Your greatest work is ahead!
The Mission
The Leidos Intelligence Group uses a wide range of capabilities in Digital Modernization, Mission Software Systems, and enabling technologies like Artificial Intelligence and Machine Learning to support our customers’ mission to defend against evolving threats around the world. Our team’s focus is ensuring our intelligence customers have the right tools, technologies, and tactics to keep pace with an ever-evolving security landscape and succeed in their pursuit to protect people and critical assets. From scanning for illicit material at ports and borders to predicting future events and instability up to five years in advance, our products help customers make the world safer.
Are you ready to join a team dedicated to a mission? Begin your journey of a flourishing and meaningful career, share your resume with us today!
The Challenge:
• Perform cloud pentests and act as the cloud pentesting SME for the team.
• Perform internal and external pentest against systems to determine vulnerabilities and offer mitigation strategies.
• Perform web app pentests.
• Perform vulnerability risk assessment.
• Perform physical pentests and social engineering.
• Perform cyber incident response as needed for programs.
What Sets You Apart:
• Bachelor’s degree from an accredited college in a related discipline or equivalent experience/combined education, with 8 to 12 years of professional experience; or 6 to 10 years of professional experience with a Master's degree.
• At least six (6) years pentesting experience with at least two (2) years of cloud pentesting experience.
• Applicant should be prepared to stand up a mobile pentesting program within an existing pentesting team, recommend tools and applications for purchase, and train fellow pentesters in performing mobile pentesting.
• At least one mobile pentesting certification, such as: SANS, GMOB, CISSP, GISF, GPEN, GWAPT, GXPN, OSCE, OSCP, OSEE, or OSWP.
You Might Also Have:
• Understanding of Cyber Kill Chain & Intelligence Defense.
• Ability to brief senior officials on pentesting requirements and results.
Clearance:
• Secret Clearance required, with ability to obtain a Top Secret SCI.
• In addition to specific security clearance requirements, all CBP SOC employees are required to successfully complete a CBP Background Investigation to support this program.
At Leidos, the opportunities are boundless. We challenge our staff with interesting assignments that provide them with an opportunity to thrive, professionally and personally. For us, helping you grow your career is good business. We’d like to learn more about you, apply today!
Pay Range: $78,000.00 - $120,000.00 - $162,000.00
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law
via Clearance Jobs
posted_at: 2 days ago
schedule_type: Full-time
Job Description
This BAE Systems program supports our federal customer who plays a key role in providing direct cybersecurity engineering support. This program provides systems and security engineering and integration support to specific Government-sponsored projects, pilots and prototypes. This includes solution planning and engineering, defining security requirements, target architecture... interoperability and integration, system testing, Verification and Validation, Modeling and Simulation, studies and analysis, post-deployment security validation (PDSV), and project risk management. As part of this team, you will contribute to the engineering of current and emerging cybersecurity systems, policies, and processes to enforce standards and identify vulnerabilities and capability gaps, and reduce cybersecurity risk of our customer networks.
The ST&E team is expected to have knowledge of and extensive experience in networking, systems management, programming and tool development, the UNIX (different variants) operating system, the Microsoft Windows (different variants) operating system, security analyst tools and techniques, and system design and architecture, which are necessary to identify required modifications, determine innovative solutions, and recommend sound security measures.
• This position is eligible for maximum telework (>50%) for applicants residing in the National Capital Region (DC, MD, VA).
• This position's office location can be either Sterling, VA, or Rockville, MD.
Required Education, Experience, & Skills
Minimum of 5 years of experience in penetration testing, including experience with the MITRE ATT&CK Framework. Extensive experience with OWASP - OWASP Top Ten, OWASP Application Security Verification Standard (ASVS), and OWASP Web Security Testing Guide (WSTG).
Demonstrated ability to identify and exploit vulnerabilities using the MITRE ATT&CK Framework.
Strong knowledge of Linux-based systems and Windows operating systems, including Active Directory.
Proficiency on the command line and extensive knowledge of the operating system you are assessing.
Familiarity with various network security tools and techniques, such as vulnerability scanners, port scanners, and network sniffers.
Perform penetration tests and vulnerability assessments on AWS's infrastructure, applications, and services hosted in the cloud.
Create customized attack scenarios and exploits to evaluate the efficacy of Amazon security safeguards.
Detect and assess possible dangers and channels of attack unique to AWS settings.
Work with customers to discover and resolve AWS-based application and service vulnerabilities and weaknesses.
Build and maintain AWS cloud penetration testing scripts, tools, and procedures.
Two years' experience performing source code analysis.
Experience using Checkmarx for source code analysis.
Experience conducting Infrastructure as Code (IaC) analysis.
Experience in Red Team (preferable) or Blue Team penetration testing.
Candidate should be willing to mentor.
Preferred Education, Experience, & Skills
Deep understanding of the methodology associated with penetration testing, such as creating Rules of Behavior, selecting the pen testing team, and having a developed tool kit.
Cloud experience a plus! (AWS or Azure)
Proficiency in one or more programming/scripting language(s).
ANY OF THE BELOW CREDENTIALS ARE A PLUS!
• Licensed Penetration Tester (LPT) Master
• Offensive Security Certified Professional (OSCP)
• Certified Ethical Hacker (CEH)
• IACRB Certified Expert Penetration Tester (CEPT)
• IACRB Certified Expert Penetration Tester (CPT)
• Certified Red Team Operations Professional (CRTOP)
• CompTIA's PenTest+
• GIAC Exploit Researcher and Advanced Penetration Tester (GXPN); and/or
• GIAC Penetration Tester (GPEN)
• Hack The Box (HTB) Certified Penetration Testing Specialist (CPTS)
• Burp Suite Certified Practitioner (BSCP)
About BAE Systems Intelligence & Security
BAE Systems, Inc. is the U.S. subsidiary of BAE Systems plc, an international defense, aerospace and security company which delivers a full range of products and services for air, land and naval forces, as well as advanced electronics, security, information technology solutions and customer support services. Improving the future and protecting lives is an ambitious mission, but it's what we do at BAE Systems. Working here means using your passion and ingenuity where it counts - defending national security with breakthrough technology, superior products, and intelligence solutions. As you develop the latest technology and defend national security, you will continually hone your skills on a team making a big impact on a global scale. At BAE Systems, you'll find a rewarding career that truly makes a difference. Intelligence & Security (I&S), based in McLean, Virginia, designs and delivers advanced defense, intelligence, and security solutions that support the important missions of our customers. Our pride and dedication shows in everything we do, from intelligence analysis, cyber operations and IT expertise to systems development, systems integration, and operations and maintenance services. Knowing that our work enables the U.S. military and government to recognize, manage and defeat threats inspires us to push ourselves and our technologies to new levels. At BAE Systems, we celebrate the array of skills, experiences, and perspectives our employees bring to the table. For us, differences are a source of strength. We're laser-focused on high performance, and we work hard every day to nurture an inclusive culture where all employees can innovate and thrive. Here, you will not only build your career, but you will also enjoy work-life balance, uncover new experiences, and collaborate with passionate colleagues
via WJTV Jobs
posted_at: 8 days ago
schedule_type: Full-time
Security Vulnerability and Penetration Testing (VAPT) Engineer
The Security Vulnerability and Penetration Testing (VAPT) Engineer will oversee and serve as a technical resource for all assessment activity related to the security posture of existing and proposed firm systems, platforms, and processes to protect and continually improve the confidentiality, integrity, and availability of... information systems per the firm's business objectives, regulatory requirements, and strategic goals.
What You Will Be Doing:
• Perform security penetration testing of firm's systems, platforms, and applications
• Serve as a Subject Matter Expert (SME) for the VAPT function
• Serve as the system owner for common VAPT toolsets, platforms, and processes
• Provide technical assessment reports that are easily understandable by the target audience and include practical and reasonable recommendations based upon sound risk management principles
Required Skills & Experience:
• Commanding knowledge of VAPT concepts and best practices, including the requirements for WhiteHat/ethical hacking
• Expert understanding of the difference between a vulnerability assessment and a penetration test in the context of assessment scope, objectives, and deliverables
• Extensive experience with common automated VAPT tools such as Nessus, Appscan, Burp Suite, Nipper, and Trustwave
• Expertise with common attack tools and frameworks such as Wireshark, Kali, Metasploit, etc.
• Expertise with mobile platform security technology, including vulnerability identification and exploitation tools as well as mobile platform security best practices, frameworks, etc.
• Ability to validate the presence of identified vulnerabilities with accuracy
• Mastery of common application platforms and technologies to effectively understand and evaluate complex application assessments via the use of manual techniques and simple tools such as proxies and browser plugins
• Authoritative mastery of OWASP, CVE, general security controls, and other foundational topics such as the latest application and operating system exploits
• Expert knowledge of common scripting and programming languages is advantageous
• Ongoing commitment to understanding the threat landscape and common adversary motivations/practices. Ability to quickly adapt practices to evolving circumstances
• Ability to maintain critical thinking and composure under pressure
• Strong written and oral communication skills. Ability to convey complex concepts to non-technical constituents. Proficiency in oral and written English
• Capable of assisting with the preparation of internal training materials and documentation
• Ability to be productive and maintain focus without direct supervision
• Understands VAPT in the context of risk management and organizational priorities
• Passionate in the practice and pursuit of VAPT excellence
• Possess a Computer Science Bachelor's Degree or substantially equivalent experience
• CISSP required
• GIAC GPEN or GWAPT preferred
• Offensive Security OSCP required
Applicants must be currently authorized to work in the United States on a full-time basis now and in the future.
This position doesn't provide sponsorship.
Posted by: Ashton Corbett
via Salary.com
schedule_type: Full-time
The Penetration Tester applies knowledge and experience of vulnerability assessment and penetration testing tools and techniques to execute security testing to support the assessment of IRS systems.
• Configure, run, and monitor automated security testing tools.
• Perform manual penetration testing of client systems, web sites, and networks to identify and exploit vulnerabilities...
• Use comprehensive knowledge of techniques, tools, and standards to build test plans and methodologies.
• Conduct Security Testing and Evaluation to measure effectiveness of client Service Provider’s security control environment.
• Perform manual validation of vulnerabilities
• Compile, draft, review, develop, and deliver input for reports on all aspects relevant to information security activities, processes, and associated documentation.
• Apply knowledge of industry standard software and hardware tools to recommend solutions to meet customer vulnerability assessment and penetration testing.
• Apply expertise in planning, organizing, and prioritizing work, meeting deadlines, managing multiple tasks and working independently.
Job Requirements
• Bachelor’s Degree in Computer Science, Information Systems, Engineering, or related scientific or technical discipline.
• Must be able to obtain an IRS security clearance
• Possess CISSP or similar certification and one or more additional certifications including, CEH, OSCP, GPEN, OSCE, OSCP
• 5 years of hands-on vulnerability assessment and penetration testing experience
• Experience using vulnerability scanning tools (e.g., Tripwire IP360, Guardium, AppScan Enterprise, AppScan Source)
• Detailed knowledge applying vulnerability assessment and penetration best practices, techniques, and tools
• Experience with the following:
• Security testing tools including Metasploit, Nmap, Nessus, Burp Suite, or equivalents
• Security testing of mobile applications, wireless technologies, and web applications
• Social engineering
• Understanding of network implementation (operational and security)
• Knowledge of security and compliance assessments and testing technical controls following NIST standards and individual organizational policies.
• Possesses excellent interpersonal and communication skills.
• Intermediate knowledge of Microsoft Office Suite (i.e., Word, Excel, PowerPoint)
About Us
Paragon is a Veteran Owned Small Business (VOSB) with offices near Scott AFB, Illinois and Vienna, Virginia, providing client-centric, enterprise governance management, cybersecurity services, and comprehensive information technology services management solutions to our clients. Our tagline is “Innovation, Value, and Excellence.”
Paragon consistently delivers value-added, client-centric, enterprise governance management, cybersecurity services, and comprehensive information technology services management solutions to our clients. Our team of dedicated professionals provide superior services and support to you while fostering a climate of trust, innovation, efficiency, and customer return on investment with integrity, commitment, and excellence in all that we do. To help us carry out this mission, our people are trained professionals who boost our customers’ knowledge and innovation using technology, teamwork, and education.
We offer a comprehensive suite of benefits, which include medical, dental, and vision plans, Flexible Spending accounts, life insurance, short- and long-term disability, matching 401k, tuition reimbursement plans, and much more.
Paragon is an Equal Opportunity Employer and does not discriminate in employment opportunities or practices on the basis of: race, color, religion, gender, national origin, age, sexual orientation, gender identity, disability, veteran status, or any other characteristic protected by country, regional, or local law.
VEVRAA Federal Contractor
via ZipRecruiter
posted_at: 1 day ago
schedule_type: Full-time
Overview
We are looking for an Application Penetration Test Analyst in Dallas, TX. Are you available for this position in Dallas, TX? Will you relocate to this location for a full-time/permanent role? Are you available for a short/quick discussion over a call ...
Position :: Application Penetration Test Analyst
Location :: Dallas, TX
Fulltime/Permanent Role
Application Penetration Test Analyst
• The Application Penetration Test Analyst is responsible for the security testing and risk analysis of DTCC's software applications using various application security tools. Interaction with DTCC software developers to provide guidance, best practices and technical assistance in remediating software application security issues will be part of the responsibilities. The individual should possess strong application software expertise, along with excellent communication, and organizational skills.
Qualifications
Must have
• Minimum of 5 years of software application penetration testing experience
• Expert on using Web Penetration Testing tools such as Burp Suite and WebInspect
• CEH - Certified Ethical Hacker Certification
• CISSP - Certified Information Systems Security Professional
• Bachelor's degree
• Experience in Static & Dynamic Code Analysis, OSS Reviews
Good to have
• Knowledge of Web Application Firewalls, Runtime Application Self-Protection (RASP) and Reverse Proxies
• Knowledge with public/hybrid clouds & cloud technologies utilizing Amazon Web Services (AWS) and applying that to application security tools/functions
• Ability to explain vulnerabilities and weaknesses in OWASP Top 10, WASC TCv2, and CWE 25 to any audience, and discuss effective defensive techniques
• Knowledge in Web Programming languages and Python development environments
• Knowledge in standard application development/management tools such as Jenkins, Git, Puppet, Chef, or Docker
• Scripting skills in Python or PowerShell are highly desirable
• A SANS, CISSP, OSCP, AWS Solutions, or Architect certification is preferred
Duties
• Perform Software Application Penetration Testing.
• Prepare a vulnerability report that details findings, vulnerabilities, and test procedure.
• Explain application risks that have been identified during pen test to the software developers.
• Improve and maintain secure development standards and manage application security framework improvement projects
• Integrate security tools, standards and processes into the Software Development Life Cycle (SDLC) for both on-premises & cloud deployed applications
• Maintain documentation related to Application Security including the development of secure coding policies, procedures and standards, modification of the Software Development Life Cycle (SDLC) to include necessary security checkpoints, code review methodologies, etc.
• Build a very close working relationship with DevSecOps and application development teams
• Improve application security tool stack including static analysis, runtime testing tools, RASP, integrating the tools in CI-CD and Reporting
• Work with our Threat Risk Management team and Development teams to develop application security requirements, security guidance, security architecture and technology solutions to address the existing and emerging application security issues for both on-prem and cloud deployed apps (agile and waterfall)
https://www.flexontechnologies.com/copy-of-flex-ehr-3
Flexon Technologies is a leading end-to-end technology solutions provider to IT and Non-IT industry. We specialize in providing "Total Solutions" encompassing technology and services combined with unparalleled domain knowledge that gives our clients a distinct advantage.
We offer integrated business solutions, enabling clients to optimize their business with greater efficiency and increased responsiveness. Our offerings are designed to cater to the entire range of clients' technology needs. We deliver end-to-end solutions that can build, manage and support our customers' IT systems across the entire value chain infrastructure, applications and business processes. The range of our offerings extends to software (including systems and application software development, implementation, maintenance and frameworks), IT architecture, network consulting, Staffing etc. These technology offerings are backed by domain solutions and knowledge to ensure maximum business alignment, allowing you to derive maximum benefits out of the IT investments
We are looking for Application Penetration Test Analyst in Dallas, TX Location, Are you available for this position in Dallas, TX Location? Will you relocate to this location for Fulltime/Permanent Role ? Are you available for short/quick discussion over Call ...
Position :: Application Penetration Test Analyst
Location :: Dallas, TX
Fulltime/Permanent Role
Application Penetration Test Analyst
• The Application Penetration Test Analyst is responsible for the security testing and risk analysis of DTCC's software applications using various application security tools. Interaction with DTCC software developers to provide guidance, best practices and technical assistance in remediating software application security issues will be part of the responsibilities. The individual should possess strong application software expertise, along with excellent communication, and organizational skills.
Qualifications
Must have
• * Minimum of 5 years of software application penetration testing experience
• Expert on using Web Penetration Testing tools such as Burp Suite and WebInspect
• CEH - Certified Ethical Hacker Certification
• CISSP - Certified Information Systems Security Professional
• Bachelor's degree
• Experience in Static & Dynamic Code Analysis, OSS Reviews
Good to have
• * Knowledge of Web Application Firewalls, Runtime Application Self-Protection (RASP) and Reverse Proxies
• Knowledge with public/hybrid clouds & cloud technologies utilizing Amazon Web Services (AWS) and applying that to application security tools/functions
• Ability to explain vulnerabilities and weaknesses in OWASP Top 10, WASC TCv2, and CWE 25 to any audience, and discuss effective defensive techniques
• Knowledge in Web Programming languages and Python development environments
• Knowledge in standard application development/management tools such as Jenkins, Git, Puppet, Chef, or Docker
• Scripting skills in Python or PowerShell are highly desirable
• A SANS, CISSP, OSCP, AWS Solutions, or Architect certification is preferred
Duties
• Perform Software Application Penetration Testing.
• Prepare vulnerability reports that detail findings, vulnerabilities, and test procedures.
• Explain application risks that have been identified during pen test to the software developers.
• Improve and maintain secure development standards and manage application security framework improvement projects
• Integrate security tools, standards and processes into the Software Development Life Cycle (SDLC) for both on-premises & cloud deployed applications
• Maintain documentation related to Application Security including the development of secure coding policies, procedures and standards, modification of the Software Development Life Cycle (SDLC) to include necessary security checkpoints, code review methodologies, etc.
• Build a very close working relationship with DevSecOps and application development teams
• Improve application security tool stack including static analysis, runtime testing tools, RASP, integrating the tools in CI-CD and Reporting
• Work with our Threat Risk Management team and Development teams to develop application security requirements, security guidance, security architecture and technology solutions to address the existing and emerging application security issues for both on-prem and cloud deployed apps (agile and waterfall)
https://www.flexontechnologies.com/copy-of-flex-ehr-3
Flexon Technologies is a leading end-to-end technology solutions provider to IT and Non-IT industry. We specialize in providing "Total Solutions" encompassing technology and services combined with unparalleled domain knowledge that gives our clients a distinct advantage.
via KTSM Jobs
posted_at: 5 days ago
schedule_type: Full-time
salary: 170K–180K a year
Red Team, Network/Mobile Application Penetration Tester
Salary: $170-$180k + 20% Bonus...
Location: 100% Remote
• We are unable to provide sponsorship for this role
• Bonus Eligible
Seeking a Red Teamer that will engage in targeted simulations consisting of threat intelligence gathering, network & application penetration testing, social engineering, physical security testing, mobile device testing, and more.
Qualifications
• BS in Computer Science, Information Management, Information Security, or other comparable technical degree from an accredited college/university desired
• Security-related certifications (CISSP, CISA, CRISC, ISSAP, GSLC, OSCP, OSCE, GPEN, or GXPN, etc.) highly desired
• 10+ years' experience in an IT environment with 8+ years' experience penetration testing
• Excellent focused domain areas of expertise as well as a good breadth of experience across Network/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Penetration Testing, Social Engineering and Open-Source Intelligence, Basic Emissions Testing, Physical Security Testing, and more
• Strong familiarity with enterprise technologies; strong technical background and understanding of security-related technologies; prefer operational experience as an administrator, engineer, or developer and direct experience testing in commercial cloud environments (AWS, Azure, IaaS/PaaS/SaaS)
• Good understanding of regulatory standards including CSF, NIST, PCI, SSAE 16, SAS 70, HIPAA, FIPS 199, COBIT 5 and others as needed
• Strong knowledge of cryptography (symmetric, asymmetric, hashing) and its various applications
• Exhibit ability to understand and probe/exploit a diverse range of Network and Internet Protocols
• Must have direct practical experience with one or more high-level programming languages
• Strong proficiency in network, application, emissions, and physical security
• Strong proficiency in social engineering and intelligence gathering
• Strong experience with custom Scripting (python, powershell, bash, etc.) and process automation
• Strong experience with database security testing (MSSQL, DB2, MySQL, etc.)
• Strong proficiency with common penetration testing tools (Kali, Armitage, Metasploit, Cobalt Strike, Nmap, Qualys, Nessus, Burp Suite, Wireshark, Recon-NG, Netsparker, Ettercap/Bettercap, Hashcat, Bloodhound, Ida Pro, Ghidra, Sublist3r, Rubeus, Mimikatz, CrackMapExec, Exploitdb, Yersinia, Impacket, etc.)
• Experience with Mainframes, Windows, Unix, MacOS, Cisco, platforms and controls
• Experience with dedicated document management tools (e.g., DMS, PolicyTech) a plus
• Experience with using ServiceNow a plus.
Responsibilities
• Conduct various Red Team activities such as: Intelligence Gathering, Network/Operating System/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing, Social Engineering, Basic Emissions/Signals Testing, Physical Security Testing, etc.
• Execute Open-Source Intelligence Collection and Analysis Techniques (OSINT); leverage available resources and develop custom tools.
• Understand vulnerabilities and develop relevant exploits/payloads for use during Red Team activities.
• Perform security risk assessment, threat analysis and threat modelling.
• Perform independent reviews of security, network, and applications.
• Plan/Design/Execute security related activities and create artifacts.
• Assist management with the improvement of policies and procedures to support Security Testing and Red Team activities as well as other security duties which may arise.
• Participate in developing a security roadmap, adopt security best practices, and implement new ideas and innovations according to the industry trends.
• Consult with technical experts and system owners on all aspects of Information Security and Compliance.
• Work closely with Production Support staff, Incident Response, and IT infrastructure to increase organizational security posture.
• Supports and successfully completes Audits.
• Cross-train the other Security Red Team members
• Cross-train other teams within Security Services and IT departments to provide subject matter knowledge of a specific adversarial threat/risk, or to assist with remediation path recommendations
• Participate in Lessons Learned process to provide information to help improve practices, methodologies, tools, and other technologies
• Participate on various technical committees and provide input and feedback to department
• Stay current on emerging technology trends and the threat landscape
• Advise IT on current and emerging threats, their attack vectors, and how to mitigate them
via WJTV Jobs
posted_at: 5 days ago
schedule_type: Full-time
Sr. Application Penetration Tester (ACE American Insurance Company (Chubb), Philadelphia, PA): Perform application security development and testing against the global application portfolio in accordance with best practices and regulatory requirements; Conduct application vulnerability testing utilizing automated and manual testing tools, analysis, and categorization of findings; Provide support to the development teams for remediation efforts; Collaborate with the application development teams to schedule penetration test of applications and ensure that the schedule is completed on time; Provide guidance and oversee the application development teams to ensure successful remediation of identified vulnerabilities; Maintain detailed records of the penetration testing operations and provide continuous support in reporting metrics to the IT stakeholders; and Perform research to stay current with penetration testing tools, methodologies, tactics, and mitigations. In order to complete the above-mentioned tasks, the following skills and experience are required: Experience with automated application scanning tools, ex. AppScan, Checkmarx, Nessus; Experience working with the following tools and utilities: Kali, BurpSuite, Nmap; Experience with security frameworks OWASP, SANS, MITRE, OSSTMM; Understanding of HTTP protocol, OAuth, SSO, JWT, HTML and web-app architectures; Understanding of software development concepts; Understanding of REST, JSON, WebServices, SOAP, XML; and Understanding of JavaScript debugging. Requires a Bachelor's degree or foreign equivalent in Computer Information Systems, Computer Science, Electronics Engineering or a related field, and at least four (4) years of experience as a Penetration Tester or related occupation. Itinerant Employment - Employee may be required to work at various unanticipated locations throughout the U.S. Incidental travel may be required to client's offices located throughout the U.S.
Option to work from home may be available. Current worksite: Whitehouse Station, NJ. Salary: $118,518 - $145,000. Please send c.v. to
via Startup Jobs
schedule_type: Full-time
work_from_home: 1
VerSprite
VerSprite is an Inc. 5000 2020 fastest growing company and industry leader in PASTA threat modeling. Founded in 2007, VerSprite is a private cybersecurity consulting firm helping organizations tighten their risk-gaps with evolved security solutions and advanced threat intel tools...
VerSprite has a 97% client retention rate providing organizations with services like penetration tests, evolved red teaming engagements, vCISO, vSOC and VerSprite’s advanced security tools Cloud Security Assessment Platform and Cyber Threat Intelligence Portal.
Penetration Tester / Offensive Security Consultant
Are you an ethical hacker looking to turn your early experience into a long-term career? Do you strive to upgrade your technical skills, and take on challenging pentests? VerSprite is looking for a Penetration Tester who’s passionate about deep-dive pentesting and eager to expand their offensive security knowledge. If this sounds like you, we’d like to chat.
---
Responsibilities
• Perform Web (Apps/Services/APIs) and Network (Internal/External/Cloud) Pentests
• Elaborate and properly document proof-of-concepts for real-world exploitation scenarios of the discovered vulnerabilities with enough details so they can be easily reproduced
• Analyze vulnerabilities and deliver clear and coherent written reporting
• Provide clients the technical risk associated to all findings reported while recognizing their true business impact
• Support all reported vulnerabilities with their remediation guidance
• Collaborate with other team members (Test Lead, Team Lead and fellow consultants) on penetration tests and red teaming engagements
• Execute projects according to the alignments defined by the rules of engagements and complete them within defined deadlines as required.
• Continuously learning and staying up-to-date with the latest attack techniques, tools, methodologies
---
Requirements
• Solid fundamentals in Web (Apps/Services/APIs) and network pentesting (2+ years). Pentesting experience in mobile apps (iOS/Android) is desirable.
• Experience with Social Engineering through Phishing Campaigns, Source Code Analysis, Cloud environments and Auditing Smart Contracts definitely a great bonus.
• Solid understanding of common webapp vulnerabilities, exploitation techniques, and remediation options
• Solid foundation on network protocols (HTTP, SSH, SMTP, etc) and their typical security issues
• Solid knowledge of common security concepts (crypto, AAA, AD security, SSO, OS Security, etc.) and practical offensive techniques (SSH tunneling, pivoting, OSCP equivalent knowledge)
• Proficient in developing in at least two languages, ideally one Web and one Scripting: Python, Ruby, Swift, Golang, C/C++, .NET, PHP, JS, BASH, etc.
• Passion for learning new technologies and processes, and contributing to refining existing capabilities
• Experience developing custom scripts or tools to enhance penetration testing and improve automation of repetitive tasks
• Work well under pressure and in a fast-paced environment
Benefits
We offer a competitive compensation package where you’ll be recognized for the value you bring to our business, along with:
• Opportunities to develop new skills and progress your career;
• The freedom and flexibility to handle your role in a way that’s right for you; and
• A collaborative environment where everyone works together to create a better working world
If this seems intriguing to you, please apply! We will reach out promptly to discuss your fit and additional job details.