Penetration Tester

<p class="p1"><strong>We believe in having a personalized strategy for all things. That&rsquo;s why every cybersecurity stack is custom-built, it&rsquo;s why we form long-term partnerships with our clients, and it&rsquo;s why we highlight our team at every opportunity. In order for this to be successful, we need top tech talent who are motivated, inspired, and hard-working to build careers at DOT.</strong></p> <p class="p1"><strong>Ready to change the face of cybersecurity? See what makes DOT different and apply today</strong></p>

Lake Forest, IL

DOT Security

<p class="p1">People. Approach. Technology. Those are the three layers of DOT Security&rsquo;s process. Our approach and our tech are critical, but having the right people always come first.</p> <p class="p1">We believe in having a personalized strategy for all things. That&rsquo;s why every cybersecurity stack is custom-built, it&rsquo;s why we form long-term partnerships with our clients, and it&rsquo;s why we highlight our team at every opportunity. In order for this to be successful, we need top tech talent who are motivated, inspired, and hard-working to build careers at DOT.</p> <p class="p1">DOT first came from the Managed IT division of Impact Networking. As a more than 20-year-old business, Impact knows how to provide ongoing education and support for employees; qualities we&rsquo;ve taken over to DOT Security. But as a new company, we&rsquo;re also hungry to expand and improve, creating opportunities for anyone with drive and a vision.</p> <p class="p1">Ready to change the face of cybersecurity? See what makes DOT different and apply today!</p> <p class="p2">&nbsp;</p> https://dotsecurity.com/

keywords: managed security,offensive cybersecurity,career,support,analysis,risk audit,on-boarding,penetration testing,knowledge,certifications,license

Entry-Senior Level

Overview: <p>DOT Security&rsquo;s mission is to improve the security posture of client organizations by providing detection, response, risk management, and compliance services as identified and required. DOT Security will implement processes, technology, and provide subject matter expert personnel to monitor and respond to client needs in the cybersecurity and compliance space. Working with client organizations, DOT Security will continuously measure and improve internal processes and technology, which will translate to improved services provided to the client.</p> <p>DOT Security is seeking team members to fill the role of Offensive Cybersecurity Engineer, at different levels. Individuals will have the opportunity to join at all levels based on their knowledge and skills demonstrated during the interview process including testing. DOT Security has developed a career progression path, that challenges our team to grow as cybersecurity professionals with solid offensive cybersecurity knowledge and providing excellent customer service with ongoing audits and assessments as a member of the DOT Security &ndash; Services team</p> <p>What you will be doing as a Penetration Tester, collaborate to identify access and collection gaps that can be satisfied through cyber collection and/or preparation activities. Leverages all authorized resources and analytic techniques to penetrate targeted networks.</p> <p>The role of the Penetration Tester is challenging and rewarding. It requires a business acumen and effective communication skill set. The ability to communicate highly technical concepts to non-technical users is critical to client success. There may be an opportunity to mentor other Penetration Tester as needed.</p>
Responsibilities: Associate Penetration Tester <ul> <li>Conduct and/or support authorized penetration testing on enterprise network assets.</li> <li>Apply and utilize authorized cyber capabilities to enable access to targeted networks.</li> <li>Apply cyber collection, environment preparation and engagement expertise to enable new exploitation and/or continued collection operations, or in support of customer requirements.</li> <li>Apply and obey applicable statutes, laws, regulations and policies.</li> <li>Collaborate with other internal and external partner organizations on target access and operational issues.</li> <li>Communicate new developments, breakthroughs, challenges and lessons learned to leadership, and internal and external customers.</li> <li>Conduct analysis of physical and logical digital technologies (e.g., wireless, SCADA, telecom) to identify potential avenues of access.</li> <li>Profile network or system administrators and their activities.</li> </ul> Core Penetration Tester (In addition to the above tasks) <ul> <li>Perform analysis for target infrastructure exploitation activities.</li> <li>Conduct independent in-depth target and technical analysis including target-specific information (e.g., cultural, organizational, political) that results in access.</li> <li>Create comprehensive exploitation strategies that identify exploitable technical or operational vulnerabilities.</li> <li>Examine intercept-related metadata and content with an understanding of targeting significance.</li> <li>Identify gaps in our understanding of target technology and developing innovative collection approaches.</li> <li>Lead or enable exploitation operations in support of organization objectives and target requirements.</li> <li>Maintain awareness of advancements in hardware and software technologies (e.g., attend training or conferences, reading) and their potential implications.</li> <li>Produce network reconstructions.</li> </ul> Senior Penetration Tester (In addition to the above tasks) <ul> <li>Perform penetration testing as required for new or updated applications.</li> <li>Collaborate with developers, conveying target and technical knowledge in tool requirements submissions, to enhance tool development.</li> <li>Monitor target networks to provide indications and warning of target communications changes or processing failures.</li> </ul>
Requirements: Skills <ul> <li>Associate Penetration Tester <ul> <li>Evaluating accesses for intelligence value.</li> <li>Interpreting compiled and interpretive programming languages.</li> <li>Analyzing traffic to identify network devices.</li> <li>Creating and extracting important information from packet captures.</li> <li>Creating collection requirements in support of data acquisition activities.</li> <li>Identifying the devices that work at each level of protocol models.</li> <li>Interpreting metadata and content as applied by collection systems.</li> <li>Navigating network visualization software.</li> <li>Recognizing and interpreting malicious network activity in traffic.</li> <li>Recognizing midpoint opportunities and essential information.</li> <li>Recognizing technical information that may be used for leads to enable remote operations (data includes users, passwords, email addresses, IP ranges of the target, mail servers, domain servers, SMTP header information).</li> <li>Researching vulnerabilities and exploits utilized in traffic.</li> <li>Using databases to identify target-relevant information.</li> <li>Using trace route tools and interpreting the results as they apply to network analysis and reconstruction.</li> <li>Writing (and submitting) requirements to meet gaps in technical capabilities.</li> </ul> </li> <li>Core Penetration Tester <ul> <li>Identifying gaps in technical capabilities.</li> <li>Depicting source or collateral data on a network map.</li> <li>Determining the effect of various router and firewall configurations on traffic patterns and network performance in both LAN and WAN environments.</li> <li>Generating operation plans in support of mission and target requirements.</li> <li>Target development in direct support of collection operations.</li> <li>Using non-attributable networks.</li> </ul> </li> <li>Senior Penetration Tester <ul> <li>Creating plans in support of remote operations. (i.e., hot/warm/cold/alternative sites, disaster recovery).</li> </ul> </li> </ul> Abilities <ul> <li>Associate Penetration Tester <ul> <li>Accurately and completely source all data used in intelligence, assessment and/or planning products.</li> <li>Collaborate effectively with others.</li> <li>Expand network access by conducting target analysis and collection to identify targets of interest.</li> <li>Identify/describe target vulnerability.</li> <li>Have or attain eJPT or equivalent certification within 8 months of employment.</li> </ul> </li> <li>Core Penetration Tester <ul> <li>Communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.</li> <li>Evaluate, analyze, and synthesize large quantities of data (which may be fragmented and contradictory) into high quality, fused targeting/intelligence products.</li> <li>Identify/describe techniques/methods for conducting technical exploitation of the target.</li> <li>Select the appropriate implant to achieve operational goals.</li> <li>Have or attain OSCP or equivalent (ex. GPEN) certification within 6 months of employment.</li> </ul> </li> <li>Senior Penetration Tester <ul> <li>Develop or recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists.</li> <li>Have or attain OSEP or equivalent (ex. GXPN) certification within 6 months of employment.</li> </ul> </li> </ul> Other Desired Attributes <ul> <li>Certifications include, but not limited to specialized penetration testing certifications recognized to test web application, mobile device, WiFi, and cloud.</li> <li>Public Trust background check (Limited Requirement)</li> <li>Must be able to do some light lifting</li> <li>College degrees may be a substitute for up to two years experience for Bachelor&rsquo;s degrees. 4 Years for Master&rsquo;s degrees.</li> </ul> <p>NOTE: EC-Council certifications will not be considered as having met requirements for KSA.</p>