Cyber Exploitation Pen Tester II
Primary Purpose and Goal of Role
Quzara LLC, a leader in cybersecurity solutions and services, is seeking a highly skilled and motivated Cyber Exploitation Penetration Testing Specialist to join our dynamic team. In this pivotal role, you will be at the forefront of safeguarding our clients’ digital assets by conducting sophisticated penetration tests and cyber exploitation analyses. Your work will directly contribute to the defense against advanced cyber threats, ensuring the integrity, confidentiality, and availability of critical information systems.
This position offers a unique opportunity to leverage your deep understanding of cyber exploitation tactics and penetration testing methodologies to identify vulnerabilities in complex systems. You will collaborate with a team of seasoned cybersecurity professionals to design, execute, and refine penetration testing strategies, ensuring our clients can confidently navigate the digital landscape. Our ideal candidate is a strategic thinker with a passion for ethical hacking, a commitment to continuous learning, and a track record of success in cyber exploitation and penetration testing.
Responsibilities
- Plan and create penetration methods, scripts and tests for the entire team
- Carry out remote testing of a client’s network or on-site testing of their infrastructure to expose weaknesses in security
- Simulate security breaches to test a system’s relative security
- Create reports and recommendations from your findings, including the security issues uncovered and level of risk.
- Present your findings, risk and conclusions to management and other relevant parties
- Advanced computer skills with an extensive understanding of networking, cryptography, reverse engineering, web applications, operating systems, databases, and wireless technologies
- Knowledge of a variety of scripting and programming languages including Python, SQL, C/C++, JavaScript, PHP, Java and Ruby.
- Strong written and oral communication skills to write reports on assessments that communicate potential weaknesses
- Conduct comprehensive penetration tests on web applications, cloud infrastructures, and networks to identify vulnerabilities and security flaws.
- Develop and execute red team operations to simulate real-world attacks on systems and networks to assess the effectiveness of security measures.
- Collaborate with development and security teams to recommend security enhancements for web and cloud-based applications.
- Prepare detailed reports on findings from penetration tests and red team exercises, including risk assessments and mitigation strategies.
- Stay up-to-date with the latest security threats, techniques, and tools to continuously improve penetration testing methodologies.
- Perform penetration testing in accordance with government regulations and standards, including NIST, FedRAMP, and other frameworks specific to government cybersecurity requirements.
- Work closely with government clients to understand their security posture and compliance requirements, providing tailored penetration testing services.
- Assist in developing security policies and procedures to meet government cybersecurity standards.
Requirements
- Bachelor's degree in Cybersecurity, Information Technology, or related field, with a strong foundation in network security and system vulnerabilities.
- Minimum of 5 years of experience in penetration testing and red teaming, specifically targeting web applications and cloud environments.
- Relevant certifications such as OSCP (Offensive Security Certified Professional), GPEN (GIAC Penetration Tester), GWAPT (GIAC Web Application Penetration Tester), and others that demonstrate expertise in ethical hacking and penetration testing.
- Proficiency in scripting and programming languages (e.g., Python, PowerShell, JavaScript) to develop custom testing tools and scripts.
- Strong understanding of cloud service models (IaaS, PaaS, SaaS) and experience with major cloud providers (e.g., AWS, Azure, Google Cloud).
- Excellent communication skills to effectively report findings to technical and non-technical stakeholders.
- Experience acting as a Subject Matter Expert or team lead providing guidance to others.
- Experience with reviewing cybersecurity vulnerabilities for risk and relevance.
- Experience in planning mitigations for system vulnerabilities.
- US citizenship is required; the ability to obtain a federal security clearance is desirable.
- Strong communication skills; able to successfully communicate with management personnel, technical personnel and third parties.
- Experience with government cybersecurity standards and regulations, such as NIST, FedRAMP, DoD RMF, and CMMC.
- Familiarity with government IT environments and the ability to navigate their unique security challenges.
- Security clearance, or the ability to obtain one, may be required for working with certain government clients.