Request Technology
Red Team, Network/Mobile Application Penetration Tester Salary: $170-$180k + 20% Bonus Location: 100% Remote *We are unable to provide sponsorship for this role* *Bonus Eligible* Seeking a Red Teamer that will engage in targeted simulations consisting of threat intelligence gathering, network & application penetration testing, social engineering, physical security testing, mobile device testing, and more. Qualifications BS in Computer Science, Information Management, Information Security, or other comparable technical degree from an accredited college/university desired Security-related certifications (CISSP, CISA, CRISK, ISSAP, GSLC, OSCP, OSCE, GPEN, or GXPN, etc.) highly desired 10+ years' experience in an IT environment with 8+ years' experience penetration testing Excellent focused domain areas of expertise as well as a good breadth of experience across Network/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Penetration Testing, Social Engineering and Open-Source Intelligence, Basic Emissions Testing, Physical Security Testing, and more Strong familiarity with enterprise technologies; strong technical background and understanding of security-related technologies; prefer operational experience as an administrator, engineer, or developer and direct experience testing in commercial cloud environments (AWS, Azure, IaaS/PaaS/SaaS) Good understanding of regulatory standards including CSF, NIST, PCI, SSAE 16, SAS 70, HIPPA, FIPS 199, COBIT 5 and others as needed Strong knowledge of cryptography (symmetric, asymmetric, hashing) and its various applications Exhibit ability to understand and probe/exploit a diverse range of Network and Internet Protocols Must have direct practical experience with one or more high level programming language Strong proficiency in network, application, emissions, and physical security Strong proficiency in social engineering and intelligence gathering Strong experience with custom Scripting (python, powershell, bash, etc.) and process automation Strong experience with database security testing (MSSQL, DB2, MySQL, etc.) Strong proficiency with common penetration testing tools (Kali, Armitage, Metasploit, Cobalt Strike, Nmap, Qualys, Nessus, Burp Suite, Wireshark, Recon-NG, Netsparker, Ettercap/Bettercap, Hashcat, Bloodhound, Ida Pro, Ghidra, Sublist3r, Rubeus, Mimikatz, CrackMapExec, Exploitdb, Yersinia, Impacket, etc.) Experience with Mainframes, Windows, Unix, MacOS, Cisco, platforms and controls Experience with dedicated document management tools (eg, DMS, PolicyTech) a plus Experience with using ServiceNow a plus. Responsibilities Conduct various Red Team activities such as: Intelligence Gathering, Network/Operating System/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing, Social Engineering, Basic Emissions/Signals Testing, Physical Security Testing, etc. Execute Open-Source Intelligence Collection and Analysis Techniques (OSINT); leverage available resources and develop custom tools. Understand vulnerabilities and develop relevant exploits/payloads for use during Red Team activities. Perform security risk assessment, threat analysis and threat modelling. Perform independent reviews of security, network, and applications. Plan/Design/Execute security related activities and create artifacts. Assist management with the improvement of policies and procedures to support Security Testing and Red Team activities as well as other security duties which may arise. Participate in developing a security roadmap, adopt security best practices, and implement new ideas and innovations according to the industry trends. Consult with technical experts and system owners on all aspects of Information Security and Compliance. Work closely with Production Support staff, Incidence Response, and IT infrastructure to increase organizational security posture. Supports and successfully completes Audits. Cross-train the other Security Red Team members Cross-train other teams within Security Services and IT departments to provide subject matter knowledge of a specific adversarial threat/risk, or to assist with remediation path recommendations Participate in Lessons Learned process to provide information to help improve practices, methodologies, tools, and other technologies Participate on various technical committees and provide input and feedback to department Stay current on emerging technology trends and the threat landscape Advise IT on current and emerging threats, their attack vectors, and how to mitigate them
Red Team, Network/Mobile Application Penetration Tester Salary: $170-$180k + 20% Bonus Location: 100% Remote *We are unable to provide sponsorship for this role* *Bonus Eligible* Seeking a Red Teamer that will engage in targeted simulations consisting of threat intelligence gathering, network & application penetration testing, social engineering, physical security testing, mobile device testing, and more. Qualifications BS in Computer Science, Information Management, Information Security, or other comparable technical degree from an accredited college/university desired Security-related certifications (CISSP, CISA, CRISK, ISSAP, GSLC, OSCP, OSCE, GPEN, or GXPN, etc.) highly desired 10+ years' experience in an IT environment with 8+ years' experience penetration testing Excellent focused domain areas of expertise as well as a good breadth of experience across Network/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Penetration Testing, Social Engineering and Open-Source Intelligence, Basic Emissions Testing, Physical Security Testing, and more Strong familiarity with enterprise technologies; strong technical background and understanding of security-related technologies; prefer operational experience as an administrator, engineer, or developer and direct experience testing in commercial cloud environments (AWS, Azure, IaaS/PaaS/SaaS) Good understanding of regulatory standards including CSF, NIST, PCI, SSAE 16, SAS 70, HIPPA, FIPS 199, COBIT 5 and others as needed Strong knowledge of cryptography (symmetric, asymmetric, hashing) and its various applications Exhibit ability to understand and probe/exploit a diverse range of Network and Internet Protocols Must have direct practical experience with one or more high level programming language Strong proficiency in network, application, emissions, and physical security Strong proficiency in social engineering and intelligence gathering Strong experience with custom Scripting (python, powershell, bash, etc.) and process automation Strong experience with database security testing (MSSQL, DB2, MySQL, etc.) Strong proficiency with common penetration testing tools (Kali, Armitage, Metasploit, Cobalt Strike, Nmap, Qualys, Nessus, Burp Suite, Wireshark, Recon-NG, Netsparker, Ettercap/Bettercap, Hashcat, Bloodhound, Ida Pro, Ghidra, Sublist3r, Rubeus, Mimikatz, CrackMapExec, Exploitdb, Yersinia, Impacket, etc.) Experience with Mainframes, Windows, Unix, MacOS, Cisco, platforms and controls Experience with dedicated document management tools (eg, DMS, PolicyTech) a plus Experience with using ServiceNow a plus. Responsibilities Conduct various Red Team activities such as: Intelligence Gathering, Network/Operating System/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing, Social Engineering, Basic Emissions/Signals Testing, Physical Security Testing, etc. Execute Open-Source Intelligence Collection and Analysis Techniques (OSINT); leverage available resources and develop custom tools. Understand vulnerabilities and develop relevant exploits/payloads for use during Red Team activities. Perform security risk assessment, threat analysis and threat modelling. Perform independent reviews of security, network, and applications. Plan/Design/Execute security related activities and create artifacts. Assist management with the improvement of policies and procedures to support Security Testing and Red Team activities as well as other security duties which may arise. Participate in developing a security roadmap, adopt security best practices, and implement new ideas and innovations according to the industry trends. Consult with technical experts and system owners on all aspects of Information Security and Compliance. Work closely with Production Support staff, Incidence Response, and IT infrastructure to increase organizational security posture. Supports and successfully completes Audits. Cross-train the other Security Red Team members Cross-train other teams within Security Services and IT departments to provide subject matter knowledge of a specific adversarial threat/risk, or to assist with remediation path recommendations Participate in Lessons Learned process to provide information to help improve practices, methodologies, tools, and other technologies Participate on various technical committees and provide input and feedback to department Stay current on emerging technology trends and the threat landscape Advise IT on current and emerging threats, their attack vectors, and how to mitigate them
Request Technology - Robyn Honquest
NO SPONSORSHIP SALARY: $178k - $180k flex plus 20% bonus Lead Penetration Tester - Applications App/Sec/Offensive Team LOCATION: Remote Looking for a very experienced high-end penetration tester AppSec/Offensive security architect/engineer prefer someone who came up through application development. Must also has experience in infrastructure and networking penetration testing and has leadership tech team lead must have great soft skills We are seeking an Information Security Senior to provide domain expertise in Penetration testing of Infrastructure and Networks, Web Applications, Cloud and Social engineering! In this role, the candidate will provide improved vulnerability analysis and contextual feedback to stakeholders to support the resolution of discovered vulnerabilities and facilitate risk awareness. Penetration Testing and Red Team assessments Perform internal and external penetration testing of network infrastructure and applications Perform Red team assessments including physical, social engineering, and network exploitation Perform well controlled vulnerability exploitation/penetration testing on applications, network protocols, and databases Perform network reconnaissance, OSINT, social engineering, and physical security reviews This role provides domain expertise in Penetration testing of Infrastructure and Networks, Web Applications, Cloud and Social engineering, as well as Red Team and Purple Team internal engagements. Additionally, you will provide improved vulnerability analysis and contextual feedback to partners to support the resolution of discovered vulnerabilities and facilitate risk awareness. Qualifications : 8-10 years of experience in Penetration testing, Red Team and Purple Team Bachelor of Science in Engineering, Computer Science, Information Technology, or equivalent work experience Advanced knowledge in common penetration testing tools (Metasploit, Burp Suite, Cobalt Strike, Empire, KALI Linux etc.) Must have a demonstrable understanding of voice and data networks, major operating systems, Active Directory, cloud technologies Must demonstrate knowledge of MITRE's ATT&CK framework, execute and chain TTP's Must be able to critically examine an organization and system through the perspective of a threat actor and articulate risk in clear, precise terms. Ability to optimally code in a Scripting language (Python, Bash, PowerShell, Perl, etc.)
NO SPONSORSHIP SALARY: $178k - $180k flex plus 20% bonus Lead Penetration Tester - Applications App/Sec/Offensive Team LOCATION: Remote Looking for a very experienced high-end penetration tester AppSec/Offensive security architect/engineer prefer someone who came up through application development. Must also has experience in infrastructure and networking penetration testing and has leadership tech team lead must have great soft skills We are seeking an Information Security Senior to provide domain expertise in Penetration testing of Infrastructure and Networks, Web Applications, Cloud and Social engineering! In this role, the candidate will provide improved vulnerability analysis and contextual feedback to stakeholders to support the resolution of discovered vulnerabilities and facilitate risk awareness. Penetration Testing and Red Team assessments Perform internal and external penetration testing of network infrastructure and applications Perform Red team assessments including physical, social engineering, and network exploitation Perform well controlled vulnerability exploitation/penetration testing on applications, network protocols, and databases Perform network reconnaissance, OSINT, social engineering, and physical security reviews This role provides domain expertise in Penetration testing of Infrastructure and Networks, Web Applications, Cloud and Social engineering, as well as Red Team and Purple Team internal engagements. Additionally, you will provide improved vulnerability analysis and contextual feedback to partners to support the resolution of discovered vulnerabilities and facilitate risk awareness. Qualifications : 8-10 years of experience in Penetration testing, Red Team and Purple Team Bachelor of Science in Engineering, Computer Science, Information Technology, or equivalent work experience Advanced knowledge in common penetration testing tools (Metasploit, Burp Suite, Cobalt Strike, Empire, KALI Linux etc.) Must have a demonstrable understanding of voice and data networks, major operating systems, Active Directory, cloud technologies Must demonstrate knowledge of MITRE's ATT&CK framework, execute and chain TTP's Must be able to critically examine an organization and system through the perspective of a threat actor and articulate risk in clear, precise terms. Ability to optimally code in a Scripting language (Python, Bash, PowerShell, Perl, etc.)
Request Technology - Craig Johnson
Oakland, California
*We are unable to sponsor for this Remote permanent role* *Position is bonus eligible* Prestigious Enterprise Company is currently seeking a Lead Cyber Security Penetration & Vulnerability Tester. Candidate will provide domain expertise in Penetration testing of Infrastructure and Networks, Web Applications, Cloud and Social engineering! In this role, the candidate will provide improved vulnerability analysis and contextual feedback to stakeholders to support the resolution of discovered vulnerabilities and facilitate risk awareness. Responsibilities: Penetration Testing and Red Team assessments Perform internal and external penetration testing of network infrastructure and applications Red team assessments including physical, social engineering, and network exploitation Perform well controlled vulnerability exploitation/penetration testing on applications, network protocols, and databases Perform network reconnaissance, OSINT, social engineering, and physical security reviews Demonstrate advanced understanding of business processes, internal control risk management, IT controls and related standards Effectively communicate findings and strategy to stakeholders, including technical staff and executive leadership Identify and evaluate complex business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement Purple Team and Adversary simulations Participate in regular Purple team exercises and perform adversary simulations to test defense controls Assist with scoping prospective engagements, leading engagements from kickoff through remediation Work closely with Blue team to test efficacy of existing alerts and help create new detection. Create findings reports and communicate to stakeholders Contribute to enhancing the team's toolkit Write custom scripts to automate tasks related to finding new vulnerabilities Maintain runbooks to continually improve penetration testing methodologies and threat modelling. The Red team is responsible for testing the overall strength of our organization's defenses (the technology, the processes, and the people) by simulating the objectives and actions of an attacker! This role provides domain expertise in Penetration testing of Infrastructure and Networks, Web Applications, Cloud and Social engineering, as well as Red Team and Purple Team internal engagements. Additionally, you will provide improved vulnerability analysis and contextual feedback to partners to support the resolution of discovered vulnerabilities and facilitate risk awareness. Qualifications : 8-10 years of experience in Penetration testing, Red Team and Purple Team Bachelor of Science in Engineering, Computer Science, Information Technology, or equivalent work experience Advanced knowledge in common penetration testing tools (Metasploit, Burp Suite, Cobalt Strike, Empire, KALI Linux etc.) Must have a demonstrable understanding of voice and data networks, major operating systems, Active Directory, cloud technologies Must demonstrate knowledge of MITRE's ATT&CK framework, execute and chain TTP's Must be able to critically examine an organization and system through the perspective of a threat actor and articulate risk in clear, precise terms. Ability to optimally code in a Scripting language (Python, Bash, PowerShell, Perl, etc.) OSCP 7+ to 10 years experience Seniority Level - Other Management Experience Required - No Minimum Education - Bachelor's Degree Willingness to Travel - Never
*We are unable to sponsor for this Remote permanent role* *Position is bonus eligible* Prestigious Enterprise Company is currently seeking a Lead Cyber Security Penetration & Vulnerability Tester. Candidate will provide domain expertise in Penetration testing of Infrastructure and Networks, Web Applications, Cloud and Social engineering! In this role, the candidate will provide improved vulnerability analysis and contextual feedback to stakeholders to support the resolution of discovered vulnerabilities and facilitate risk awareness. Responsibilities: Penetration Testing and Red Team assessments Perform internal and external penetration testing of network infrastructure and applications Red team assessments including physical, social engineering, and network exploitation Perform well controlled vulnerability exploitation/penetration testing on applications, network protocols, and databases Perform network reconnaissance, OSINT, social engineering, and physical security reviews Demonstrate advanced understanding of business processes, internal control risk management, IT controls and related standards Effectively communicate findings and strategy to stakeholders, including technical staff and executive leadership Identify and evaluate complex business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement Purple Team and Adversary simulations Participate in regular Purple team exercises and perform adversary simulations to test defense controls Assist with scoping prospective engagements, leading engagements from kickoff through remediation Work closely with Blue team to test efficacy of existing alerts and help create new detection. Create findings reports and communicate to stakeholders Contribute to enhancing the team's toolkit Write custom scripts to automate tasks related to finding new vulnerabilities Maintain runbooks to continually improve penetration testing methodologies and threat modelling. The Red team is responsible for testing the overall strength of our organization's defenses (the technology, the processes, and the people) by simulating the objectives and actions of an attacker! This role provides domain expertise in Penetration testing of Infrastructure and Networks, Web Applications, Cloud and Social engineering, as well as Red Team and Purple Team internal engagements. Additionally, you will provide improved vulnerability analysis and contextual feedback to partners to support the resolution of discovered vulnerabilities and facilitate risk awareness. Qualifications : 8-10 years of experience in Penetration testing, Red Team and Purple Team Bachelor of Science in Engineering, Computer Science, Information Technology, or equivalent work experience Advanced knowledge in common penetration testing tools (Metasploit, Burp Suite, Cobalt Strike, Empire, KALI Linux etc.) Must have a demonstrable understanding of voice and data networks, major operating systems, Active Directory, cloud technologies Must demonstrate knowledge of MITRE's ATT&CK framework, execute and chain TTP's Must be able to critically examine an organization and system through the perspective of a threat actor and articulate risk in clear, precise terms. Ability to optimally code in a Scripting language (Python, Bash, PowerShell, Perl, etc.) OSCP 7+ to 10 years experience Seniority Level - Other Management Experience Required - No Minimum Education - Bachelor's Degree Willingness to Travel - Never
