Job Title: Security Red Team White Box Tester (Contract ) - Job# 5635Location: REMOTEJob Description: Our client is seeking a Security Red Team White Box Tester for a long term contract opportunity. Ideal Candidate will have:
- Proven Hands On Offensive Security expertise in Network + Web Applications (not just running tools)
- Hack The Box ability (not CEH, or theoretical knowledge)
- Bug Bounties
- Zero Day Finding, Capture The Flag, Hacker 1, Bug Crowd
- Malware Development
- Development skills (not just scripting)
- Stealth movement through the enterprise after a hack
- OSCP, OSCE, OSWE
- C2 Infrastructure Build
- Reverse Engineering + Manual Pen Testing
- Defense Evasion
Responsibilities
- Help plan, design and execute security red team related activities (e.g., Intelligence Gathering, Network/Operating System/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing, Social Engineering, Basic Emissions/Signals Testing, Physical Security Testing, Command and Control (C2) Infrastructure Development, Cyber Defense Evasion Stealth techniques, etc.)
- Assist with ad-hoc white-box penetration testing work of infrastructure that is still currently in Development, or in need of pre-Production penetration testing
- interact with multiple teams such as Cyber Defense, Security Assurance, and various other Security and IT teams to coordinate penetration testing engagements and re-test remediated Red Team findings.
- Produce reports and present findings to various levels of leadership and staff relating to security testing activities, as needed
- Perform security risk assessment, threat analysis and threat modeling.
Required:
- Strong proficiency in Network, Web Application, and Mobile Device security testing
- Demonstrated exploit, payload, and attack framework development experience
- Strong knowledge of EDR detection capabilities such as Crowdstrike/Carbon Black, etc. and associated defense evasion techniques for behavioral based alerting
- Strong proficiency in social engineering and intelligence gathering.
- Strong experience with custom scripting (Python, Powershell, Bash, etc.) and process automation.
- Knowledge how to build Command and Control (C2) infrastructure and execute Cyber Defense Evasion techniques to help enhance Cyber Defense monitoring/alerting capabilities for C2 traffic specifically
- Strong understanding of security vulnerabilities and develop relevant exploits/payloads for use during Red Team activities
- Strong experience with database security testing (MSSQL, DB2, MySQL, etc.).
- Strong proficiency with common penetration testing tools (Kali, Armitage, Metasploit, Cobalt Strike, Nighthawk, Nmap, Qualys, Nessus, Burp Suite, Wireshark, Recon-NG, Ettercap/Bettercap, Hashcat, Bloodhound, Ida Pro, Ghidra, Sublist3r, Rubeus, Mimikatz, CrackMapExec, Exploitdb, Yersinia, Impacket, etc.).
- Track record of vulnerability research and CVE assignments
- Knowledge of Windows APIs and Living off the Land (LOL) Binaries
- Experience with Mainframes, Windows, Unix, MacOS, Cisco, platforms and controls.
- BS in Computer Science, Information Management, Information Security or other comparable technical degree from an accredited college/university desired.
- 3+ Years' experience of Penetration testing
- 5+ Years' experience in Information Assurance or Information Security environment.
Desired
- [Preferred] Professional security certifications a plus (OSCP, OSWE, GXPN, GMOB, GWAPT, etc.)
About Delphi-US Delphi-US is a national recruiting firm based in Newport, Rhode Island. We specialize in IT, Engineering and Professional Staffing services for organizations across the United States of America. Our mission is simple: We are Peacemakers in the Talent War. Delphi attracts our nation's best and brightest Technical & Professional Talent and position our nation's finest employers to further their competitive advantages. We accomplish this with a proprietary skill-based and cultural matching process that results in higher qualified submissions, hiring with purpose, and employer/employee mutual success. You'll find our team is supremely experienced, friendly, professional and ready to advocate on your behalf. Armed with best in class talent, Delphi has an indelible understanding of employer expectations and we deliver lasting results. #LI-AH1