White Box Tested - OCC

Interview: F2F/Virtual

Visa: Any except h1b

Hybrid: Chicago, IL Preferred, Dallas, TX Alternative

Rate: DOE

JD

Our client is seeking a Security Red Team White Box Tester for a long term contract opportunity.

Responsibilities

• Help plan, design and execute security red team related activities (e.g., Intelligence Gathering, Network/Operating System/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing, Social Engineering, Basic Emissions/Signals Testing, Physical Security Testing, Command and Control (C2) Infrastructure Development, Cyber Defense Evasion "Stealth" techniques, etc.)
• Assist with ad-hoc white-box penetration testing work of OCC's infrastructure that is still currently in Development, or in need of pre-Production penetration testing
• interact with multiple teams such as Cyber Defense, Security Assurance, and various other Security and IT teams to coordinate penetration testing engagements and re-test remediated Red Team findings.
• Produce reports and present findings to various levels of leadership and staff relating to security testing activities, as needed
• Perform security risk assessment, threat analysis and threat modeling.

Required

• Strong proficiency in Network, Web Application, and Mobile Device security testing
• Demonstrated exploit, payload, and attack framework development experience
• Strong knowledge of EDR detection capabilities such as Crowdstrike/Carbon Black, etc. and associated defense evasion techniques for behavioral based alerting
• Strong proficiency in social engineering and intelligence gathering.
• Strong experience with custom scripting (Python, Powershell, Bash, etc.) and process automation.
• Knowledge how to build Command and Control (C2) infrastructure and execute Cyber Defense Evasion techniques to help enhance Cyber Defense monitoring/alerting capabilities for C2 traffic specifically
• Strong understanding of security vulnerabilities and develop relevant exploits/payloads for use during Red Team activities
• Strong experience with database security testing (MSSQL, DB2, MySQL, etc.).
• Strong proficiency with common penetration testing tools (Kali, Armitage, Metasploit, Cobalt Strike, Nighthawk, Nmap, Qualys, Nessus, Burp Suite, Wireshark, Recon-NG, Ettercap/Bettercap, Hashcat, Bloodhound, Ida Pro, Ghidra, Sublist3r, Rubeus, Mimikatz, CrackMapExec, Exploitdb, Yersinia, Impacket, etc.).
• Track record of vulnerability research and CVE assignments
• Knowledge of Windows APIs and Living off the Land (LOL) Binaries
• Experience with Mainframes, Windows, Unix, MacOS, Cisco, platforms and controls.
• BS in Computer Science, Information Management, Information Security or other comparable technical degree from an accredited college/university desired.
• 3+ Years' experience of Penetration testing
• 5+ Years' experience in Information Assurance or Information Security environment.

Desired

• [Preferred] Professional security certifications a plus (OSCP, OSWE, GXPN, GMOB, GWAPT, etc.)