XOR Security is currently seeking talented Penetration Testing professionals for multiple exciting positions supporting one of our premier clients within the Department of Health and Human Services. Our project provides comprehensive operational cybersecurity situational awareness and response readiness by performing 24×7 cybersecurity monitoring and advanced analytics for the ACA Health Insurance Marketplace infrastructure, and the HHS ISPG.
The ideal candidate will have a solid understanding of cyber threats and information security in the domains of TTP’s, Threat Actors, Campaigns, and Observables and hands-on expertise with ethical hacking, firewall and intrusion detection/prevention technologies, secure coding practices and/or threat modeling. Additionally the candidate must have experience performing penetration testing throughout the penetration testing lifecycle i.e. initial exploitation and post-exploitation. A successful candidate must be able to identify and exploit vulnerabilities, elevate privileges, ensure persistence, move laterally across a network undetected, and demonstrate the ability to perform actions / deploy effects in order to highlight a potential adversaries capability.
The ability to work quickly, willingness to work on ad-hoc assignments, work independently as needed, strong written and verbal communication skills, and recognizing the importance of being a team player.
Strong written and verbal communications skills are a must.
- Demonstrated real world experience performing grey and black box penetration testing as well as cyber threat emulation services (opposing force)
- Have an understanding of common Web Application vulnerabilities like XSS, CSRF, and others.
- Must be proficient in several of the following tools: Powershell, Metasploit Framework/Pro, Cobalt Strike, Nessus, Burp, Canvas, and the Social Engineering Toolkit.
- Must have solid working experience and knowledge of Windows and Unix/Linux operating system, mobile platforms a plus
- Firm understanding of networks, systems and data center architecture
- Strong Scripting (Windows/*nix), Bash, Python, Perl or Ruby, Systems Programming
- Strong familiarity with at least one of the following: OWASP top 10, DoD and NSA Vulnerability and Penetration Testing Standards.
- Technical Skills proficiency: Python, Java, Ruby, encryption technologies/standards
- Secret Clearance
- Experience performing Red Team, Blue Team Operations
- Certifications (Offensive Security Certified Professional (OSCP), Web Application Penetration Tester (WAPT), GIAC Web Application Penetration Tester (GWAPT), GIAC Penetration Tester (GPEN), Cisco Certified Network Associate (CCNA))
- Malware analysis or digital computer forensics experience
- Cyber related Law Enforcement or Counterintelligence experience
- Existing Subject Matter Expert of Advanced Persistent Threat or Emerging Threats
- Expertise on policies, industry trends, techniques related to penetration testing
XOR Security offers a very competitive benefits package including health insurance coverage from first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.
XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.
Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements – US CITIZENSHIP REQUIRED.
Job Type: Full-time
- Penetration Testing: 3 years
- Cobalt Strike: 1 year
- Nessus: 1 year
- Computer Security: 1 year