Fulltime Penetration Tester openings in Boston on September 09, 2022

Cybersecurity testing analyst at BFP Group

Location: Boston

Cybersecurity Analyst responsibilities include:
Monitoring computer networks for security issues
Investigating security breaches and other cybersecurity incidents
Installing security measures and operating software to protect systems and information infrastructure, including firewalls and data encryption programs
Job brief
We are looking for a Cybersecurity Analyst to join our team to protect our organization from cyberattacks by monitoring our systems and evaluating threats as they arise.

A Cybersecurity Analyst’s responsibilities include reviewing computer networks and identifying any potential vulnerabilities, installing the necessary software in order to protect it from unauthorized access, and documenting detections so that future breaches can be mitigated efficiently.

Ultimately, you will defend an organization’s computer hardware, software and other systems from theft, loss and other cyberattacks.
Responsibilities
Document security breaches and assess the damage they cause
Work with the security team to perform tests and uncover network vulnerabilities
Fix detected vulnerabilities to maintain a high-security standard
Stay current on Information Technology (IT) security trends and news
Develop company-wide best practices for IT security
Perform penetration testing
Help colleagues install security software and understand information security management
Requirements and skills
Proven work experience as a Cybersecurity Analyst or similar role
Experience in information security or related field
Experience with computer network penetration testing and techniques
Understanding of firewalls, proxies, SIEM, antivirus and IDPS concepts
Ability to identify and mitigate network vulnerabilities and explain how to avoid them
Bachelor’s degree in computer science or related field is preferred

Job Type: Full-time

Pay: $80,000.00 – $120,000.00 per year

Schedule:
Monday to Friday

Experience:
Linux: 1 year (Preferred)
Cybersecurity: 1 year (Preferred)
Information security: 1 year (Preferred)

Work Location: Remote

********

Senior Penetration Tester at Mandiant, Inc.

Location: Boston

Company Description

Since 2004, Mandiant has been a trusted partner to security-conscious organizations. Effective security is based on the right combination of expertise, intelligence, and adaptive technology, and the Mandiant Advantage SaaS platform scales decades of frontline experience and industry-leading threat intelligence to deliver a range of dynamic cyber defense solutions. Mandiant’s approach helps organizations develop more effective and efficient cyber security programs and instills confidence in their readiness to defend against and respond to cyber threats.

Job Description

A successful Red Team consultant at Mandiant should possess a deep understanding of both information security and computer science. They should understand basic concepts such as networking, applications, and operating system functionality and be able to learn advanced concepts such as application manipulation, exploit development, and stealthy operations. This is not a “press the ‘pwn’ button” type of job; this career is technical and challenging with opportunities to work in some of the most exciting areas of security consulting on extremely technical and challenging work. A typical job could be breaking into a segmented secure zone at a Fortune 500 bank, reverse engineering an application and encryption method in order to gain access to sensitive data, all without being detected. If you can exploit at scale while remaining stealthy, identify and exploit misconfigurations in network infrastructure, parse various types of output data, present relevant data in a digestible manner, think well outside the box, or are astute enough to quickly learn these skills, then you’re the type of consultant we’re looking for.

At Mandiant, you’ll be faced with complex problem solving opportunities and hands-on testing opportunities on a daily basis. We help our clients protect their most sensitive and valuable data through comprehensive and real world scenario testing. The objective doesn’t end at gaining “domain admin” or “root”; this is expected and is only a starting point.

You are expected to quickly assimilate new information as you will face new client environments on a weekly or monthly basis. You will be expected to understand all the threat vectors to each environment and properly assess them. You will get to work with some of the best red teamers in the industry, causing you to develop new skills as you progress through your career. Are you up to the challenge?

Responsibilities:
• Perform network penetration, web and mobile application testing, source code reviews, threat analysis, wireless network assessments, and social-engineering assessments
• Develop comprehensive and accurate reports and presentations for both technical and executive audiences
• Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
• Recognize and safely utilize attacker tools, tactics, and procedures
• Develop scripts, tools, or methodologies to enhance Mandiant’s red teaming processes
• Assist with scoping prospective engagements, leading engagements from kickoff through remediation, and mentoring less experienced staff

Qualifications

Requirements:
• 4-7 years’ experience in at least three of the following:
• Network penetration testing and manipulation of network infrastructure
• Mobile and/or web application assessments
• Email, phone, or physical social-engineering assessments
• Shell scripting or automation of simple tasks using Perl, Python, or Ruby
• Developing, extending, or modifying exploits, shellcode or exploit tools
• Developing applications in C#, ASP, .NET, ObjectiveC, Go, or Java (J2EE)
• Reverse engineering malware, data obfuscators, or ciphers
• Source code review for control flow and security flaws
• Strong knowledge of tools used for wireless, web application, and network security testing
• Thorough understanding of network protocols, data on the wire, and covert channels
• Mastery of Unix/Linux/Mac/Windows operating systems, including bash and Powershell
• Must be eligible to work in the US without sponsorship

Additional Qualifications:
• Ability to travel up to 20%
• Ability to successfully interface with clients (internal and external)
• Ability to document and explain technical details in a concise, understandable manner
• Ability to manage and balance own time among multiple tasks, and lead junior staff when required

Additional Information

At Mandiant we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.

This is a regionally-based role that must be located in Connecticut, Delaware, Maine, Massachusetts, New Hampshire, New Jersey, New York, Pennsylvania, Rhode Island, or Vermont

As a U.S. federal contractor, Mandiant has adopted a COVID-19 Vaccination Policy to comply with our obligations under applicable laws and requirements. This position may be covered under Mandiant’s COVID-19 Vaccination Policy, as required in order to support federal contracts, access company offices and/or attend in-person meetings and work events. If covered under this policy, proof of vaccination against COVID-19 may be required as a condition of hire.

At FireEye we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.

********

Senior Cloud Penetration Tester at Mandiant, Inc.

Location: Boston

Company Description

Since 2004, Mandiant has been a trusted partner to security-conscious organizations. Effective security is based on the right combination of expertise, intelligence, and adaptive technology, and the Mandiant Advantage SaaS platform scales decades of frontline experience and industry-leading threat intelligence to deliver a range of dynamic cyber defense solutions. Mandiant’s approach helps organizations develop more effective and efficient cyber security programs and instills confidence in their readiness to defend against and respond to cyber threats.

Job Description

A successful Cloud Penetration Tester – Red Team at Mandiant should possess a deep understanding of both information security and computer science. They should understand basic concepts such as cloud networking, identity and access management, console, applications, functions, and other functionality and be able to learn advanced concepts such as application manipulation, exploit development, and stealth-focused operations. This is not a “press the ‘pwn’ button” type of job; this career is technical and challenging with opportunities to work in some of the most exciting areas of security consulting on extremely technical and challenging work. A typical job could be breaking into a web application hosted in the cloud, accessing sensitive information or compromising the environment, all without being detected. If you can exploit at scale while remaining stealthy, identify and exploit misconfigurations in cloud infrastructure, parse various types of output data, present relevant data in a digestible manner, think well outside the box, or are astute enough to quickly learn these skills, then you’re the type of consultant we’re looking for.

At Mandiant, you’ll be faced with complex problem-solving opportunities and hands-on testing opportunities on a daily basis. We help our clients protect their most sensitive and valuable data through comprehensive and real-world scenario testing. The objective doesn’t end at gaining “global admin” or “root”; this is expected and is only the starting point.

You are expected to quickly assimilate new information as you will face new client environments on a recurring basis. You will be expected to understand the applicable threat vectors for each environment and assess them properly. You will get to work with some of the best red teamers in the industry, enabling you to develop new skills as you progress through your career. Are you up to the challenge?

Responsibilities:
• Perform cloud penetration testing, red teaming, remediation activities, and threat analysis assessments
• Develop comprehensive and accurate reports and presentations for both technical and executive audiences
• Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
• Recognize and safely utilize attacker tools, tactics, and procedures
• Develop scripts, tools, or methodologies to enhance Mandiant’s red teaming processes
• Assist with scoping prospective engagements, leading engagements from kickoff through remediation, and mentoring less experienced staff

Qualifications

Minimum Requirements:
• 2-3 years experience in the following:
• Azure, AWS, GCP, and Kubernetes
• Strong knowledge of IAM, VPCs, Storage containers, Databases, Functions, Logging, APIs, etc.
• Cloud penetration testing and manipulation of cloud network infrastructure
• Cloud architecture design
• Development and usage of Terraform, Docker, Ansible, etc.
• Shell scripting or automation of simple tasks using Perl, Python, or Ruby
• Developing, extending, or modifying exploits or exploit tools
• Function code review for control flow and security flaws
• Strong knowledge of tools used for cloud and network security testing
• Thorough understanding of network protocols, data on the wire, and covert channels
• Mastery of Unix/Linux/Mac/Windows operating systems, including Bash and PowerShell
• Must be eligible to work in the US without sponsorship

Preferred Qualifications:
• Ability to successfully interface with clients (internal and external)
• Ability to document and explain technical details in a concise, understandable manner
• Ability to manage and balance own time among multiple tasks, and lead junior staff when required
• Incident Response, Incident Remediation, and Security Architecture experience
• Knowledge of cloud-based CI/CD products, such as AWS Code Pipeline, Azure DevOps, and GCP Cloud Build
• Knowledge of tools such as Terraform integrated with cloud-based CI/CD products
• Ability to travel up to 20%

Additional Information

As a U.S. federal contractor, Mandiant has adopted a COVID-19 Vaccination Policy to comply with our obligations under applicable laws and requirements. This position is covered under Mandiant’s COVID-19 Vaccination Policy and therefore proof of vaccination against COVID-19 will be required as a condition of hire.

At Mandiant we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.

This is a regionally-based role that must be located in Connecticut, Delaware, Maine, Massachusetts, New Hampshire, New Jersey, New York, Pennsylvania, Rhode Island, or Vermont

At FireEye we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.

********

Senior Operator – Red Team at Concentrix

Location: Boston

• Senior Operator – Red Team
• Senior Red Team Operator
• Concentrix Corporation is seeking a Senior Red Team Operator for our Red Team within the Global Security Team reporting to the Manager Red Team.
• The Senior Operator will be responsible for executing penetration tests using a broad range of tools to discover and exploit possible vulnerabilities and weaknesses within the Concentrix network and recommend remediation solutions to safeguard our infrastructure and customer base most effectively.
• The Global Security Team is looking for someone who has experience conducting exploitation of live networks, conducting penetration tests, and preparing reports of findings.
• The successful candidate will enjoy working in a dynamic, responsive, and collaborative environment and be dedicated to the success of the organization.
• Detailed technical knowledge in cybersecurity engineering, system and network security, authentication and security protocols, and the desire to learn are essential.
• Must have the ability to communicate with and distill information from technical resources during formal and informal meetings.
• Must be able to work both independently and as a part of team testing efforts.
• Contribute to the effective use of penetration testing and vulnerability assessment tools.
• Performing reconnaissance, researching, and analyzing vulnerabilities, identifying relevant exploits, preparing corrective action recommendations, and summarizing and reporting results.
• + Assist with identifying critical flaws in systems and networks that threat actors could exploit.
• + Use manual testing techniques and methods to gain a better understanding of the environment and reduce false positives.
• + Conduct network, workstation, and server penetration testing against corporate internet-facing and internal systems.
• + Assist with documenting and presenting comprehensive reports on the various assessment types (ranging from scheduled penetration tests to unscheduled APT simulations) to diverse, global audiences of varying technical understanding.
• + Research and assess new threats, security advisories, and recommend remedial action.
• + Proposes and assists in implementing approaches for addressing vulnerabilities including deployment of specialized controls, infrastructure changes, and changes in the development lifecycle.
• + Validate remediation efforts by reviewing infrastructure/technology updates to verify resolution.
• + Perform special security projects on an ad-hoc basis.
• + Interface with peers on the Global Security Team to share information and enhance the security posture of the enterprise.
• Hands-on experience performing network and application penetration tests, meaning hands on experience with running and reporting from network assessment tools like NMAP, Nessus, Kali Linux, Nexpose, Metasploit, BurpSuite, Wireshark, etc
• + Ability to create, modify, move, and write files and documents from the command line only.
• + Ability to create and write Bash scripts from the command line.
• + Understanding security fundamentals, frameworks and common vulnerabilities (e.g. MITRE Attack Framework).
• + General knowledge of access controls, cryptography, security engineering, vulnerability analysis, replicating attack scenarios, risk management concepts, security architecture, etc
• + Ability to effectively communicate within a global enterprise, working through language barriers.
• + Organized, able to track penetration testing activity and create a coherent report when completed.
• + Desire to mentor junior penetration testers.
• BS (or equivalent experience/certifications) in Cybersecurity, Information Security, IT, Network Engineering, Computer Science, or related field.
• + GPEN/OSCP/CEH or equivalent certification.
• + Experience with penetration testing
• + Red Team experience
• + Good understanding of IT and Cybersecurity technologies and threats to networks, systems, and applications.
• + Blue Team/Cybersecurity defense experience
• + Good understanding of security controls
• + Working knowledge with CIS benchmarks
• + Good verbal, written communication, and presentation skills
• + Ability to support and communicate issues and/or security gaps to team members
• + Experience with CVSS, CWE, and CVE
• + Knowledge of security controls for on premise and cloud-based computing services including AWS or Azure.
• USA, CO, Work-at-Home
• For Regular and Temporary Employees: Annual bonus based on company performance; healthcare benefits, wellbeing program, dental benefits, vision benefits, flexible spending accounts, health savings accounts, Employee Assistance Program, 401(k), life insurance, accidental death and dismemberment, paid time off, disability insurance, several voluntary benefits; legal, home and auto, accident insurance and hospital indemnity, and holidays.

********

Cybersecurity Attack & Penetration Red Team – Senior – Consulting – Location OPEN at Ernst & Young Global Limited

Location: Boston

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.

Cyber threats, social media, massive data storage, privacy requirements and continuity of the business as usual require heavy information security measures. As an information security specialist, you will lead the implementation of security solutions for our clients and support the clients in their desire to protect the business. You will belong to an international connected team of specialists helping our clients with their most complex information security needs and contributing toward their business resilience. You will be working with our Advanced Security Centers to access the most sophisticated tools available to fight against cybercrime.

The opportunity

Our security professionals possess diverse industry knowledge, along with unique technical expertise and specialized skills. The team works together in planning, pursuing, delivering and managing engagements to assess, improve, build, and in some cases operate integrated security operations for our clients.

We will support you with career-long training and coaching to develop your skills. As EY is a global leading service provider in this space, you will be working with the best of the best in a collaborative environment. So whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.

Your key responsibilities

Our security professionals possess diverse industry knowledge, along with unique technical expertise and specialized skills. The team stays highly relevant by researching and discovering the newest security vulnerabilities, attending and speaking at top security conferences around the world, and sharing knowledge on a variety of topics with key industry groups. The team frequently provides thought leadership and information exchanges through traditional and less conventional communications channels such as speaking at conferences, publishing white papers and blogging.

As part of our Penetration Testing team, you’ll identify potential threats and vulnerabilities to operational environments. Projects here could include penetration testing and simulating physical breaches to identify vulnerabilities.

Our professionals work together in planning, pursuing, delivering and managing engagements to assess, improve, build, and in some cases operate integrated security operations for our clients.

Skills and attributes for success

Perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing.
Execute red team scenarios to highlight gaps impacting organizations’ security postures.
Ability to work both independently as well as lead a team of technical testers on penetration testing and red team engagements.
Provide technical leadership and advise junior team members on attack and penetration test engagements.
Identify and exploit security vulnerabilities in a wide array of systems in a variety of situations.
Perform in-depth analysis of penetration testing results and create a report that describes findings, exploitation procedures, risks and recommendations.
Execute penetration testing projects using the established methodology, tools and rules of engagements.
Convey complex technical security concepts to technical and non-technical audiences including executives.

To qualify for the role you must have

Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, Information Technology, Engineering or a related major with a minimum of 3 years of related work experience or a Master’s degree and approximately 1-2 years of related work experience in penetration testing which includes internet, intranet, web application penetration tests, wireless, social engineering, and Red Team assessments.
Experience with manual attack and penetration testing.
Experience with scripting / programming skills (e.g., Python, PowerShell, Java, Perl etc).
Updated and familiarized with the latest exploits and security trends.
Experience to lead a technical team to conduct remote and on-site penetration testing within defined rules of engagement.
Familiarity with performing network penetration testing in a stealthy manner.
Any two of the following certifications: OSCP, OSWP, GPEN, GWAPT, OSCE, OSEE, GXPN.
A driver’s license valid in the U.S
Willingness and ability to travel domestically and internationally to meet client needs.
Estimated travel required up to 50%.

Ideally, you’ll also have

Knowledge of Windows, Linux, Unix, any other major operating systems.
Familiarity with the latest exploits, tactics, techniques and procedures (TTP), vulnerability remediation and security trends in Cloud implementations.
Deep understanding of TCP/IP network protocols.
Deep understanding and experience with various Active Directory attack techniques.
Understanding of network security and popular attack vectors.
An understanding of web-based application vulnerabilities (OWASP Top 10).

What we look for

We’re interested in intellectually curious people with a genuine passion for cyber security. With your specialization in attack and penetration testing, we’ll turn to you to speak up with innovative new ideas that could make a lasting difference not only to us – but also to the industry as a whole. If you have the confidence in both your presentation and technical abilities to grow into a leading expert here, this is the role for you.

What we offer

We offer a competitive compensation package where you’ll be rewarded based on your performance and recognized for the value you bring to our business. In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options. Under our flexible vacation policy, you’ll decide how much vacation time you need based on your own personal circumstances. You’ll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.

Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.
Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.

If you can demonstrate that you meet the criteria above, please contact us as soon as possible.

The exceptional EY experience. It’s yours to build.

EY | Building a better working world

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.

Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

EY is an equal opportunity, affirmative action employer providing equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, national origin, protected veteran status, disability status, or any other legally protected basis, including arrest and conviction records, in accordance with applicable law.

EY is committed to providing reasonable accommodation to individuals with disabilities. If you are a qualified individual with a disability and either need assistance applying online or need to request an accommodation during the interview process, please call 1-800-EY-HELP3, type Option 2 (HR-related inquiries) and then type Option 1 (HR Shared Services Center), which will route you to EY’s Talent Shared Services Team or email SSC Customer Support at ssc.customersupport@ey.com.

CYBERFY23

********

Sales Engineer – Mid Market at Pentera

Location: Boston

Sales Engineer – Inside Sales

Location: Burlington, MA



Come Hack With Us!

About Pentera:

Join us on our mission of protecting organizations against the most advanced attackers in the world!

Pentera is the category leader for Automated Security Validation, allowing every organization to test with ease the integrity of all cybersecurity layers, unfolding true, current security exposures at any moment, at any scale. Thousands of security professionals and service providers around the world use Pentera to guide remediation and close security gaps before they are exploited.

Pentera has 145 employees around the Globe (Israel, USA, Switzerland, Germany, Italy, France, Sweden, Spain, UK and UAE) with almost 300 customers in Production at over 30 countries.

Pentera has won various Industry Awards, such as “The Frost and Sullivan Value Leadership Award- 2019” and the “2020 Gartner Cool Vendor Award” and is backed by Top US Investors such as AWS, Insight Partners & The Blackstone Group.

Roles and responsibilities:
• Meet with prospective customers, understand requirements, field technical questions, and demonstrate capabilities.
• Play a key role in identifying and pursuing leads, converting the leads to opportunities, planning, owning and executing a Win.
• Participate in sales conference calls and prospect visits, providing product demonstrations in person and via WebEx, and working with prospects at both a technical and business level to show how Pcysys’s solution can provide value to them.
• Participate as a technical resource at trade shows and conferences, when needed.
• Work with the sales team to strategize on sales approaches to develop business.
• Ensure successful on-site product evaluations and post-sale installations when necessary.
• Assign quarterly and annual objectives.
• Manage projects and customer engagements to optimize success.

Requirements:
• BS in Engineering (CyberSecurity, SW, Industrial or Electrical), or Computer Science
• 2 plus years of professional experience in a sales engineering, technical account management or professional services role, focused on supporting sales to Enterprise accounts commercial, mid market, or SMB accounts
• Familiarity with the Penetration Testing profession
• Solid technical skills & experience with managing IT infrastructure: OS (Win, Linux), Networks and Active Directory systems
• Understanding the Cyber landscape
• Security +, PenTest +, CEH, OSCP, CISSP, or equivalent – major advantage.
• Able to effectively present technical material to small and large groups
• Excellent time management, multi-tasking, and prioritization skills.
• Excellent written, oral communication and strong interpersonal, organizational and presentation skills

********
