Fulltime Penetration Tester openings in California on September 07, 2022

SME Aircraft Penetration Tester TGCB at Oasis Systems LLC

Location: Edwards Air Force Base

Overview

Oasis Systems has an exciting opportunity for an Avionics Penetration Tester located at the 47th Cyberspace Test Squadron Detachment 1 at Edwards AFB, CA. Do you thrive on completing objectives that others consider too complex? Do you enjoy solving problems that seem unsolvable? How would you feel about identifying and exploiting vulnerabilities of aircraft and weapon systems? Our team is responsible for testing the cutting-edge systems that keep America safe. If you are searching for a position where success is determined by your ability to think outside the box, and where unique challenges are not the exception but the norm, then keep reading.

The experience set we are searching for is pretty broad, but generally fits into 3 areas: IT system penetration testers, hardware/software reverse engineers, and embedded systems engineers. We realize that no one will have all of these qualifications. We are looking for people who can bring a strong foundation in one of the listed areas and are motivated to learn the others.

LOCATION: Edwards AFB, CA

JOB STATUS: Full-Time

TRAVEL: Yes. Must be able to travel to required meetings such as Engineering Design Reviews, Formal Qualification Tests, and other enterprise/program meetings.

REQUIRED QUALIFICATIONS (Education, Certifications, Experience, Skills)

SECURITY CLEARANCE: Top Secret clearance. Must be able to gain access to SCI and Special Access Programs within 90 days

EDUCATION: Master’s degree in a technical or applicable discipline

CERTIFICATIONS: Must be able to obtain DOD 8570 IAT Level 3 certification (CASP, CISSP, etc.) and/if IP Penetration Tester SME DOD 8570.01-M CSSP Analyst – Certified (CEH, GCIH, etc.) within 6 months of hire, and maintain certification throughout employment.

EXPERIENCE LEVEL: Regarded within the community of interest as a Subject Matter Expert in aircraft penetration testing. This skill level will oversee the efforts of less senior staff and/or be responsible for the efforts of all staff assigned to a specific job.

REQUIRED SKILLS:
• US Citizenship
• Top Secret Clearance
• Cybersecurity job experience
• Cyber penetration test experience
• Analytical and problem-solving skills
• Strong leadership skills
• Understanding of network security/engineering
• Good organization, decision making, and verbal and written communication skills
• Excellent self-initiative and self-motivation with the ability to work under minimal supervision
• Ability to work effectively in small and large team settings to solve complex problems
• Knowledge of Windows and Linux (including Kali) Operating Systems
• Software development experience is desired, but at least some scripting experience in Python, Ruby or similar language is required
• Extensive experience with Windows and Linux Operating Systems
• Must be able to obtain DOD 8570 IAT Level 3 certification (CASP, CISSP, etc.) and/if IP Penetration Tester SME DOD 8570.01-M CSSP Analyst – Certified (CEH, GCIH, etc.) within 6 months of hire, and maintain certification throughout employment

PREFERRED QUALIFICATIONS/SKILLS:
• Extensive understanding of network security/engineering.
• Extensive knowledge of common wired and wireless network protocol structures.
• Experience with static and dynamic software analysis tools and techniques (i.e. fuzzers).
• Experience designing, building, or testing embedded systems.
• Experience with a non-IP bus protocol (CAN bus, Mil-Std 1553, ARINC 429, etc.).
• Experience with aircraft avionics is a plus.
• Experience with Radio Frequency (RF) and Datalinks is a plus

RESPONSIBILITIES:
• Develop test tools and strategies for cybersecurity testing on DoD aircraft and weapons.
• Conduct independent compliance assessments, penetration testing, data collection, test automation, and reporting.
• Perform system security analysis on systems and/or software to understand and identify vulnerabilities.
• Execute hands-on testing which includes significant technical skills with multiple operating systems.
• Provide technical guidance and expertise to test teams.
• Document and communicate test results effectively to technical and non-technical user groups in written and oral formats.
• Develop and document a standard, repeatable process for conducting MBCRAs and CVIs, ACDs, CVPAs, and AAs.
• Support the development of cyber test and evaluation procedures for aircraft, weapons, C4ISR, and IT systems.
• Document the system information requirements and work products needed by the Development Test & Evaluation (DT&E) and Operational Test & Evaluation (OT&E) communities to plan, execute and report on systems’ cyber test objectives.
• Provide requirements usable by programs to incorporate in statements of work, system technical requirements documents, Test and Evaluation Master Plans, DT&E and OT&E Entrance and Exit criteria, and other documents.
• Assist with developing and documenting Air Force guidance, and informing DoD guidance updates.
• Document recommendations for incorporating DT&E/OT&E cybersecurity deficiency reporting and watch items into standard DT&E/OT&E processes.
• Facilitate program MBCRAs.
• Assist with CVI, ACD, CVPA, and AA planning, execution, and reporting to achieve the above objectives, provide expertise and lessons learned, and apply process knowledge for systems under test

Who We Are

Oasis Systems is a premier provider of customer-driven, cost-effective and quality Engineering Services; Enterprise Systems and Applications; Human Factors Engineering; Information Technology and Cyber Security; Professional Services; and Specialized Engineering Solutions to the Department of Defense, FAA, NRC and other federal agencies.

We strive to be an exciting and welcoming company that attracts, develops, motivates and retains the most talented, skilled and dedicated people in the industry; where they are encouraged to achieve personal excellence, purpose, and their full potential and career aspirations; while supporting mission-critical national security technologies and programs.

Oasis Systems is an equal opportunity employer and does not discriminate in hiring or employment on the basis of any legally protected characteristic including, but not limited to, race, color, religion, national origin, marital status, gender, sexual orientation, ancestry, age, medical condition, military veteran status or on the basis of physical handicap which, with reasonable accommodation, render the application to satisfactorily perform the job available.

********

Lead Penetration Tester at Five9

Location: San Ramon

Five9 provides businesses reliable, scalable, and secure cloud contact center software designed to create exceptional customer experiences, increase agent productivity, and deliver tangible business results. We are driven by a passion to transform contact centers into customer engagement centers of excellence. Since 2001, Five9 has led the cloud revolution in contact centers, helping organizations transition from legacy premise-based solutions to the cloud.

We are looking for a highly motivated Penetration Testing Lead. The Pentest Lead’s focus will be to schedule, prioritize, and conduct assessments while establishing and maintaining relationships with internal customers for remediation follow-ups. The Pentest Lead will work with all types of technology across Five9 that need to be assessed – web/mobile applications, enterprise network and data centers. An ideal candidate would have experience as a PenTest consultant with strong emphasis on being hands-on.

Key Responsibilities:
• Apply state of the art methodologies, tooling, and skills to demonstrate real vulnerabilities, and help internal teams improve security posture and technical controls to mitigate the issues.
• We’re looking for a passionate individual who goes beyond finding vulnerabilities identified by vulnerability scanners/tools
• As an Offensive Security Expert, you will conduct ongoing research into latest attack TTPs, collaborate with teams for vulnerability remediation and discover dangerous flaws and major security vulnerabilities for our products and infrastructure before they’re found by attackers
• Expertise and experience in web application and/or network penetration testing
• Vulnerability assessments including manual testing to further evaluate the security of applications
• Knowledge of exploit development, executing and chaining TTPs, vulnerability research/reporting
• Penetration testing and code review (including DAST and SAST; experience with Java and JavaScript based environments)
• Understanding security fundamentals and common vulnerabilities (e.g., OWASP Top Ten and SANS Top 25) in addition to more modern web app and enterprise app vulnerabilities

Technical Skills:
• 8+ years of application-focused offensive security experience in supporting a variety of technologies
• Understanding of cryptographic concepts and applied cryptography (SSL, AES etc.)
• Additional experience in IT, security engineering, system and network security, authentication and security protocols
• Scripting/programming skills (Python, Java, JavaScript, etc.) preferred
• Experience with AWS and/or GCP cloud environments preferred, understanding its major technologies such as IAM, EC2, VPC, EBS, S3, and Lambdas
• Network and web-related protocol knowledge (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
• Familiarity with security tools & frameworks like Burpsuite, Metasploit, Kali, Canvas, etc.
• Strong communication skills (i.e., written and verbal) – including the ability to work as a mentor
• OSCP/E, OSWP, CEH, PenTest+, Licensed Pen Tester, GWAPT, GPEN, or GXPN certifications are helpful, but not required
• Advanced relevant academic training is a definite bonus but not required, i.e., Bachelor’s in Computer Science
• Candidate needs to be passionate about offensive security and have an unstoppable drive to innovate.
• Red Team Experience as an operator

Experience:
• Web Application Penetration Testing: 6-8+ years (Required)
• Cloud Pen testing: 2-3 years (Required)
• Network Pen testing: 2-3 years (Preferred)
• Attack Simulation: 2-3 years (Preferred)
• C2 Infrastructure Creation: 2-3 years (Preferred)
• C2 & TTP Development: 2-3 years (Preferred)
• Full Scope Red Team: 2-3 years (Preferred)
• MITRE ATT&CK: 1-2 years (Preferred)
• Physical Security: 1-2 years (Preferred)
• Security conference speaking, blog posts, or presentations (preferred)

Five9 embraces diversity and is committed to building a team that represents a variety of backgrounds, perspectives, and skills. The more inclusive we are, the better we are. Five9 is an equal opportunity employer. Our headquarters are located in the beautiful Bishop Ranch Business Park in San Ramon, CA.

********

Senior Security Compliance Specialist at Infinity Consulting Solutions

Location: Burbank

Our client, a worldwide media & entertainment company, is looking for a Senior Security & Compliance Specialist to add to their GIS team.

Responsibilities:
• Assists in resolving security and compliance issues, as well as developing processes, documentation and reports.
• Analyzes and reviews security findings and data and penetration testing results.
• Assist in monitoring and administering policies as directed.
• Represents the security needs of the organization by providing expertise and assistance in all GBTS projects with regards to security issues.
• Create, manage and maintain user security awareness
• Enforce security policies and procedures.
• Prepare status reports on security matters to develop risk analysis scenarios.
• Evaluate and develop approach to solutions.
• Proactively assesses potential items of risk and opportunities of vulnerability.
• Review vulnerability assessments and conduct gap analysis.
• Provides situation-based support, using in-depth knowledge of technology, to ensure systems are designed in accordance with and are aligned with Company security requirements; includes architecture assessments, secure development training, and conducting RTOs
• Develops technical monitoring, assessment and response solutions that meet current specifications
• Reviews and presents reports (e.g., penetration test results, incident response metrics, forensics, network monitoring metrics), position papers, assessment recaps to team (peers) and next level of leadership within team
• Executes advanced risk and threat analysis activities, leveraging learnings from external and internal cyber trends and incidents
• Participate in all phases of Red Team Operations
• Support GIS AppSec Team with full manual penetration testing, tools development, and streamlining processes and procedures.
• Serve as a force multiplier, outside of the Red Team, to provide deep knowledge perspectives to enhance IT security controls across GIS

Required Skills:
• 5+ years experience in related field.
• Solid knowledge of information security principles and practices.
• Knowledge of various Compliance policies and programs (PCI, SOX, Safe Harbor).
• Understanding of advanced security protocols and standards.
• Domain knowledge in multiple technical areas.
• Ability to work on most phases of functional requirements.
• Experience with performing Red Team Operations
• Expert level web application and network penetration testing skills
• Experience working with assessments tools/frameworks like Burp, Nessus, Metasploit, Mimikatz, and Cobalt Strike
• Experience customizing/developing in-house scripts and tooling
• Experience working with scripting and development languages like Bash, PowerShell, Python, Perl, Ruby, PHP, C/C++, C#, and Java
• In-depth knowledge of operating systems (Unix/Linux, Windows, and Mac)
• In-depth knowledge of networking protocols and systems administration

Required Licenses/Training:

One or more of the following certifications:
• OSCP – Offensive Security Certified Professional
• OSWE – Offensive Security Web Expert
• GPEN – GIAC Penetration Tester
• GWAPT – GIAC Web Application Penetration Tester

One or more of the following certifications:
• OSEP – Offensive Security Certified Expert
• GXPN – GIAC Exploit Researcher and Advanced Penetration Tester

Web Reference : AJM/260208146-764
Posted Date : Wed, 07 Sep 2022

To apply for this position you will complete an application form on another website provided by or on behalf of Infinity Consulting Solutions. Please note IT Jobs for ColU Fans is not responsible for the application process on any external website.
