- Technical concepts such as application security, network segregation, access controls, IDS/IPS devices, physical security, and information security risk management;
- Security testing tools, such as BurpSuite, Mimikatz, Cobalt Strike, PowerSploit, Metasploit, Nessus, HP Web Inspect, or other tools included within the Kali Linux distribution;
- Networking protocols, TCP/IP stack, systems architecture, and operating systems;
- Common programming and scripting languages, such as Python, PowerShell, Ruby, Perl, Bash, JavaScript, or VBScript;
- Well-known Cybersecurity frameworks and industry-leading practices such as OWASP, NIST CSF, PCI DSS, and NY-DFS; and,
- Traditional security operations, event monitoring, and Security Information and Event Management (SIEM) tools.
Demonstrates thorough abilities and/or a proven record of success in the following areas:
- Performing penetration testing activities within a client s environment, emphasizing manual stealthy testing techniques;
- Executing stealthy penetration testing, advanced red team, or adversary simulation engagements using commercially / freely available offensive security tools and utilities built into operating systems;
- Understanding Windows and Linux operating system setup, management, and power usage, e.g., cmd, bash, network troubleshooting, virtual machines; .
- Identifying security critical vulnerabilities without utilizing a vulnerability scanning tool, i.e., knowledge of exploitable vulnerabilities and ability to execute stealthy penetration testing engagements;
- Compromising Active Directory environments and demonstrating business impact by identifying and obtaining access to business critical assets/information;
- Performing social engineering / phishing activities such as reconnaissance of targets, developing phishing campaigns (e.g., emails and websites), web hosting administrator, developing malicious phishing payloads, or pivoting through phished systems;
- Participating actively in client discussions and meetings and communicating a broad range of potential add-on services based on identified weaknesses;
- Managing engagements with junior staff;
- Preparing concise and accurate documents, leveraging and utilizing MS Office and Google Docs to complete related project deliverables, as necessary;
- Balancing project economics management with the occurrence of unanticipated issues.
- Creating a positive environment by monitoring workloads of the team while meeting client expectations and respecting the work-life quality of team members;
- Proactively seeking guidance, clarification, and feedback; and,
