BlueVoyant Senior Penetration Tester in College Park, Maryland
Senior Penetration Tester
We are open to a remote candidate as long as US based.
Primary responsibilities require the analyst to perform Penetration Testing (e.g., internal, external wireless, physical, social, etc.), web application security assessments (e.g., exploiting web app vulnerabilities such as sql injection, cross-site scripting, parameter manipulation, session hijacking, etc.), vulnerability assessments (i.e., network vulnerability scanning), and technical security assessments (e.g., Windows, UNIX, firewalls, routers, sql server, Could, etc.) for BlueVoyant's clients.
Additionally, the Senior Tester will be required to provide oversight and training for junior analysts and interact with clients at a technical level. The Security Analyst should be technical and proficient with Information Security practices and data visualization. The analyst will be a self-driven technologist who works closely with others within the security department as well as members of other Information Technology departments and business stakeholders to identify, analyze, and remediate threats.
The analyst may also be leveraged to assist to design, build, operate and monitor leading edge security infrastructure, platforms, applications and tools to meet strategic and tactical security objectives. The Security Analyst will work with Directors, technical managers, software development, and IT operations staff to identify, exploit, mitigate or remediate vulnerabilities and manage technology risks across the enterprise. Participates in periodic vulnerability assessments and reviews the findings to gauge overall risks, severity and appropriate corrective measures.
? 10+ years? IT/cybersecurity experience Minimum of 6 years? managing and conducting Vulnerability/Penetration/Risk Assessment engagements? Minimum of 5 years? experience in information security fundamental/principles? Industry recognized certifications in the fields of penetration testing and vulnerability analysis? Senior level experience with Network or Information Security support? Solid systems security exposure and proficiency in at least two Operating Systems (Windows, Linux preferred)? In-depth knowledge of VA/PT tools (Metasploit, Cobalt Strike, Core, Nessus, Burp, etc.)? Needs to have a keen understanding of threat vectors as well as exfiltration techniques? Strong troubleshooting skills of complex network and security problems? Strong analytical skills in threat, vulnerability, and intrusion detection analysis? Knowledge of Operational Security (OPSEC) principles for cyber operations with an emerging understanding of the relationships between the cyber domain disciplines? Excellent verbal and written communication skills? Highly disciplined and motivated, able to work independently, under direction, or as a member of a team? Must be willing to periodically work non-standard hours and be on call? Experience with Risk Management Frameworks Experience with SIEM and/or log aggregation technologies such as ArcSight, Splunk, or ELK? US Citizen, must be able to attain any required Security Clearance
? Experience performing or managing Black/Grey/White Box as well as Red-Team assessments, pivoting and persistence, application and web application testing? Experience and proficiency in Cloud penetration testing? Ability to write custom scripts, code etc. to assist with network exploitation activities? Application of common Cyber Security concepts including Intrusion Detection Systems, Host Intrusion Prevention Systems, and Anti-Virus Solutions? Understanding of the Windows/Mac/Linux File System structure, and ability to recover deleted files, search hidden files, and access registry keys? Knowledge of Operational Security (OPSEC) principles for cyber operations with an emerging understanding of the relationships between the cyber domain disciplines? Ability and experience capturing and analyzing volatile (in-memory) data? Experience with network signature development with tools such as SNORT, NetFLOW, WireShark, tcpdump or related tools? OCSP or other advanced ethical hacking certifications
BlueVoyant is an expert-driven cybersecurity services company whose mission is to proactively defend organizations of all sizes against today?s constant, sophisticated attackers, and advanced threats.
Led by CEO, Jim Rosenthal, BlueVoyant?s highly skilled team includes former government cyber officials with extensive frontline experience in responding to advanced cyber threats on behalf of the National Security Agency, Federal Bureau of Investigation, Unit 8200 and GCHQ, together with private sector experts. BlueVoyant services utilize large real-time datasets with industry leading analytics and technologies.
Founded in 2017 by Fortune 500 executives, including Executive Chairman, Tom Glocer, and former Government cyber officials, BlueVoyant is headquartered in New York City and has offices in Maryland, Tel Aviv, San Francisco, London, and Latin America.
All employees must be authorized to work in the United States or Israel. BlueVoyant provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, BlueVoyant complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities.