Sr. Red Team Penetration Tester
DC metro area Washington, District Of Columbia 20016
Kavaliro is looking for a Sr. Red Team Penetration Tester to work with our client in the Washington DC metro area. This is an immediate need!
The Penetration Tester will have experience performing hands-on penetration testing, security test planning, and vulnerability analysis; focusing on automated and manual exploitation of applications, networks, and system level designs and implementations. This position requires a strong ethical hacking mindset with proven professional experience in assessing diverse network and system architectures in a comprehensive manner. Experience and detailed technical knowledge in information security engineering, secure architecture development, system and network security, authentication and security protocols, applied cryptography, and application security is essential.
- Knowledge of vulnerability management and scanning best practices. This should include knowledge of the CVE database and the CVS System used for scoring vulnerabilities.
- Experience with Unix (preferably Red Hat) administration skills.
- The individual should be comfortable with all forms of daily server administration.
- Experience with Windows server administration.
- Knowledge and experience in basic web application configuration in particular experience with the Linux, Apache, MySQL, PHP (LAMP) stack.
- Knowledge of and experience in performing application assessments.
- Overall 3+ years of Information Security experience.
- At least 1 year experience performing application security assessments.
- 2+ years Red Team experience.
- Offensive pen testing experience.
- Knowledge of the Windows and *NIX operating systems to include boot process through understanding of the execution flow of boot time processes.
- Knowledge of software exploitation (web, client-server, mobile, and wireless) on modern operating systems.
- Familiarization with XSS, SSJS, filter bypassing, SQL Injection, etc.
- Familiarity with interpreting log output from networking devices, operating systems and infrastructure services.
- Familiarity with common reconnaissance, exploitation, and post exploitation frameworks.
Minimum Education and Certifications:
- Bachelor’ s degree highly desirable.
- The following certifications OSCP, is preferred