Cyber Penetration Tester – Reverse Engineering
Are you a problem solver? Do you like complex, challenging puzzles? If so, this position just might be just what you're looking for. This position involves a blending of several disciplines to include, but not limited, penetration testing, reverse engineering, and code/script development.
- A common scenario would be for the customer to provide a software application, operating system or suite of tools, in which the Penetration Tester, adhering to customer goals or objectives, would analyze, evaluate and identify vulnerabilities, zero days and vectors an adversary could potentially use to gain regular and privileged access. As a minimum, this position requires a demonstrated ability to reverse engineer executables to identify flaws and create and operationally test exploits to take advantage of an identified vulnerability or zero days.
- Possess strong understanding of UNIX/LINUX fundamentals along with familiarity of the UNIX/LINUX/Windows CLI.
- Analyze, disassemble, and reverse engineer code/executables to discern weaknesses for exploit development; document and transition results in reports, presentations and technical exchanges.
- Demonstrate an ability to methodically analyze problems, identify solutions and remain composed in potentially stressful situations.
- Adequately explain, present, demonstrate [when applicable] and document the operational impact of a particular vulnerability.
- Assist customer with implementing policies and tactics, techniques and procedures for conducting assessments.
- Possess an understanding of Microsoft Office Suite.
- Exhibit good writing and communications skills, to include the ability to render concise reports, summaries, and formal oral presentations.
- Understand and be proficient in common cyber threat terminology, methodologies, possess basic understanding of cyber incident and response, and related current events.
- Travel up to 25% supporting customer assessments up to 1-4 weeks in duration.
- Must have an active TS/SCI clearance.
- Must possess or be willing to obtain a DoD 8570 IAT Level 3 (CISSP, CASP, etc.) certification within 6 months.
- Must possess a penetration tester certification (i.e., GPEN, GXPN, GWAPT, etc.) and reverse engineering certification (i.e., GREM, CREA, eCREA, etc.).
- Demonstrated ability to navigate UNIX, LINUX and Windows platforms.
- Possess or be willing to obtain a MCP and Linux certification within a defined timeframe.
- Minimum Bachelor’s degree and 2 years’ experience.
- Associates degree with 4 years’ experience or 6 years equivalent experience without a degree; degrees focused on engineering or applied science.
- Hands on experience with penetration testing and reverse engineering.
- Experience in working with and in a network systems security environment with a focus on security and information assurance (5 years).
- Must have thorough knowledge of common network ports and protocols.
- Strong knowledge of Windows® Internals, Windows® Application Programming Interfaces (API), Portable Executable (PE) formats, Windows® Registry, and security models.
- ADVANCED experience with Bash and Power Shell.
- ADVANCED experience in one of the following scripting languages: Perl, Python or Ruby is required.
- Strong knowledge of the following programming languages: Assembly, Java, C#, C, C++ and SQL.
- Work experience with developing proof-of- concept exploit examples to use within reports or live demonstrations
- Must complete self-assessment questionnaire, customer pre-screen, skills assessment lab, pass the customer’s training and certification program and remain mission ready qualified.
- Candidate should be self-motivated with minimal supervision.
- Analytical with the ability to understand and implement customer objectives. Familiarity with NIST, DISA STIGs and experience in conducting DOD vulnerability and compliance assessments.
- Experience or Familiarity with Military operations highly desirable.
- MCP Certification (within 6 months of hire)
- UNIX/Linux Certification (within 6 months of hire)
- Cyber security experience relating to identifying zero day exploits, attack vectors, etc.
- Reverse Engineering Certification (GREM, CREA, eCREA, etc.)
- Knowledge of Windows Internals, Windows Application Programming Interfaces (API), Portable Executable (PE) formats, Windows Registry and security models