Senior Penetration Tester
SilverSky’s Cyber Security Advisory team consists of dedicated security professionals providing a strategic direction to our customers to advise on the current state of their Cyber program. SilverSky is looking for a talented and highly motivated member to join our Penetration testing team as a senior member. As part of SilverSky’s Strategic Advisory team, this position will have oversight and responsibility over assigned penetration testing engagements, SilverSky’s Penetration testing as a service offering, as well as SilverSky’s Continuous validation and red teaming services.
This will be a remote position for the ideal candidate.
Duties and Responsibilities (Additional duties may be assigned as required):
- Perform a variety of penetration tests, including but not limited to Infrastructure (internal and external), Web Applications, APIs, Mobile, Wireless and Cloud
- Work collaboratively and independently with teammates to provide professional services to our clients
- Use offensive security expertise to research relevant tactics, techniques, and procedures for assessing and validating weaknesses in various infrastructure and technologies including cloud technologies.
- Test, reproduce and validate known vulnerabilities using automation technologies, manual penetration testing tools and know hacker tactics and techniques
- Develop scripts to automate repetitive actions of penetration tests
- Document exploits and results in remediation and professionally written reports.
- Understand, perform chained attacks, privilege escalation, and lateral movement techniques
- Conduct testing beyond automated tool validation, including full exploitation and leveraging of access within multiple environments, scenario-based security testing or red teaming to identify gaps in detection and response capabilities
- Develop and document new and custom exploits
- Develop and author simple tools via scripting language
- Develop and author custom exploits
- Respond to inquiries, guide and advise customers on security best practices.
- Identify and provide improvements on existing services, including continuous improvement of existing methodologies, tools and reports
- Create strong narratives and analysis for publication.
- Serve as a mentor to other Penetration testers and Threat Analysts and support them in their work.
- Assist in pre-sales efforts as a penetration testing subject-matter expert
To perform this job successfully, the ideal candidate must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the tools, systems and knowledge requirements based on our existing environment:
- One or more of the following certifications: OSWA, OSWE, OSCP, CREST
- Bachelor's Degree in Cyber Security and/or 5+ years in cybersecurity - red-team/penetration testing roles.
- Strong knowledge of industry penetration testing tools
- Ability to configure, run, and monitor automated security testing tools
- Ability to Perform manual validation of vulnerabilities
- Technical understanding of various infrastructure, including web, Windows, Linux, mobile, cloud, API
- Experience identifying and exploiting web application vulnerabilities
- Strong knowledge of Networks, Linux systems, Windows systems, web applications, and scripting languages
- Strong knowledge of offensive penetration testing tools
- Strong knowledge of common attack tools, concepts, and frameworks
- Experience writing penetration testing reports
- Excellent communication skills (written and verbal)
- Ability to speak in depth on findings and remediation
- Knowledge of and ability to reverse engineer binaries for both Windows and Linux.
- Knowledge of and ability to administer network and host-based security tools to include penetration testing and ethical hacking products.
- Some knowledge of scripting languages: Python, Go, Rust, PHP, Perl, Bash, Ruby, PowerShell