Penetration Tester

<strong>We&rsquo;ve spent the past 20 years pushing the boundaries of traditional business. Though we&rsquo;ve evolved from an equipment dealership into an IT and managed services provider, our goal remains the same: to provide world-class customer experiences for the companies who are often ignored by big enterprises. To do this, we need top talent, skilled specialists, and the hardest of workers looking to build successful careers at Impact.<br /><br /><a href="https://www.impactmybiz.com/managed-services/cybersecurity/" target="_blank" rel="noopener noreferrer">Learn more about our Managed Cybersecurity Services</a><br /></strong>

Anaheim, CA

Impact

<div class="about-us-description ng-binding"> <div class="fusion-text"> <h4 class="fusion-responsive-typography-calculated" style="padding-left: 30px;" data-fontsize="24" data-lineheight="31.92px"><strong>Building the people who build the business.<br /><br />We&rsquo;ve spent the past 20 years pushing the boundaries of traditional business. Though we&rsquo;ve evolved from an equipment dealership into an IT and managed services provider, our goal remains the same: to provide world-class customer experiences for the companies who are often ignored by big enterprises. To do this, we need top talent, skilled specialists and the hardest of workers looking to build successful careers at Impact.&nbsp;</strong></h4> </div> <div class="fusion-text"> <h4 style="padding-left: 30px;"><strong>Whether you&rsquo;re looking for a fresh start, a career change or the chance to use your experience to make a difference, you&rsquo;re welcome at Impact. With 700 employees and 18 locations spread across the Midwest and West Coast, we are committed to empowering each individual with education, training and the support needed to compete and succeed, and change the way our customers do business.</strong></h4> <h4 style="padding-left: 30px;"><strong>The world of technology shows no signs of slowing down, and neither do we. Think you can keep up? Apply today!</strong></h4> </div> </div> https://vizi.vizirecruiter.com/Impact-2824/index.html

keywords: managed security,offensive cybersecurity,career,support,analysis,risk audit,on-boarding,penetration testing,knowledge,certifications,license

Entry-Senior Level

Overview: <p>MITSec&rsquo;s mission is to improve the security posture of client organizations by providing detection, response, risk management, and compliance services as identified and required. MITSec will implement processes, technology, and provide subject matter expert personnel to monitor and respond to client needs in the cybersecurity and compliance space. Working with client organizations, MITSec will continuously measure and improve internal processes and technology, which will translate to improved services provided to the client.</p> <p>MITSec is seeking team members to fill the role of Offensive Cybersecurity Engineer, at different levels. Individuals will have the opportunity to join at all levels based on their knowledge and skills demonstrated during the interview process including testing. MITSec has developed a career progression path, that challenges our team to grow as cybersecurity professionals with solid offensive cybersecurity knowledge and providing excellent customer service with ongoing audits and assessments as a member of the MITSec &ndash; Services team</p> <p>What you will be doing as a Penetration Tester, collaborate to identify access and collection gaps that can be satisfied through cyber collection and/or preparation activities. Leverages all authorized resources and analytic techniques to penetrate targeted networks.</p> <p>The role of the Penetration Tester is challenging and rewarding. It requires a business acumen and effective communication skill set. The ability to communicate highly technical concepts to non-technical users is critical to client success. There may be an opportunity to mentor other Penetration Testers as needed.</p>
Responsibilities: Associate Penetration Tester <ul> <li>Conduct and/or support authorized penetration testing on enterprise network assets.</li> <li>Apply and utilize authorized cyber capabilities to enable access to targeted networks.</li> <li>Apply cyber collection, environment preparation and engagement expertise to enable new exploitation and/or continued collection operations, or in support of customer requirements.</li> <li>Apply and obey applicable statutes, laws, regulations and policies.</li> <li>Collaborate with other internal and external partner organizations on target access and operational issues.</li> <li>Communicate new developments, breakthroughs, challenges and lessons learned to leadership, and internal and external customers.</li> <li>Conduct analysis of physical and logical digital technologies (e.g., wireless, SCADA, telecom) to identify potential avenues of access.</li> <li>Profile network or system administrators and their activities.</li> </ul> Core Penetration Tester (In addition to the above tasks) <ul> <li>Perform analysis for target infrastructure exploitation activities.</li> <li>Conduct independent in-depth target and technical analysis including target-specific information (e.g., cultural, organizational, political) that results in access.</li> <li>Create comprehensive exploitation strategies that identify exploitable technical or operational vulnerabilities.</li> <li>Examine intercept-related metadata and content with an understanding of targeting significance.</li> <li>Identify gaps in our understanding of target technology and developing innovative collection approaches.</li> <li>Lead or enable exploitation operations in support of organization objectives and target requirements.</li> <li>Maintain awareness of advancements in hardware and software technologies (e.g., attend training or conferences, reading) and their potential implications.</li> <li>Produce network reconstructions.</li> </ul> Senior Penetration Tester (In addition to the above tasks) <ul> <li>Perform penetration testing as required for new or updated applications.</li> <li>Collaborate with developers, conveying target and technical knowledge in tool requirements submissions, to enhance tool development.</li> <li>Monitor target networks to provide indications and warning of target communications changes or processing failures.</li> </ul>
Requirements: Skills <ul> <li>Associate Penetration Tester <ul> <li>Evaluating accesses for intelligence value.</li> <li>Interpreting compiled and interpretive programming languages.</li> <li>Analyzing traffic to identify network devices.</li> <li>Creating and extracting important information from packet captures.</li> <li>Creating collection requirements in support of data acquisition activities.</li> <li>Identifying the devices that work at each level of protocol models.</li> <li>Interpreting metadata and content as applied by collection systems.</li> <li>Navigating network visualization software.</li> <li>Recognizing and interpreting malicious network activity in traffic.</li> <li>Recognizing midpoint opportunities and essential information.</li> <li>Recognizing technical information that may be used for leads to enable remote operations (data includes users, passwords, email addresses, IP ranges of the target, mail servers, domain servers, SMTP header information).</li> <li>Researching vulnerabilities and exploits utilized in traffic.</li> <li>Using databases to identify target-relevant information.</li> <li>Using trace route tools and interpreting the results as they apply to network analysis and reconstruction.</li> <li>Writing (and submitting) requirements to meet gaps in technical capabilities.</li> </ul> </li> <li>Core Penetration Tester <ul> <li>Identifying gaps in technical capabilities.</li> <li>Depicting source or collateral data on a network map.</li> <li>Determining the effect of various router and firewall configurations on traffic patterns and network performance in both LAN and WAN environments.</li> <li>Generating operation plans in support of mission and target requirements.</li> <li>Target development in direct support of collection operations.</li> <li>Using non-attributable networks.</li> </ul> </li> <li>Senior Penetration Tester <ul> <li>Creating plans in support of remote operations. (i.e., hot/warm/cold/alternative sites, disaster recovery).</li> </ul> </li> </ul> Abilities <ul> <li>Associate Penetration Tester <ul> <li>Accurately and completely source all data used in intelligence, assessment and/or planning products.</li> <li>Collaborate effectively with others.</li> <li>Expand network access by conducting target analysis and collection to identify targets of interest.</li> <li>Identify/describe target vulnerability.</li> <li>Have or attain eJPT or equivalent certification within 8 months of employment.</li> </ul> </li> <li>Core Penetration Tester <ul> <li>Communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.</li> <li>Evaluate, analyze, and synthesize large quantities of data (which may be fragmented and contradictory) into high quality, fused targeting/intelligence products.</li> <li>Identify/describe techniques/methods for conducting technical exploitation of the target.</li> <li>Select the appropriate implant to achieve operational goals.</li> <li>Have or attain OSCP or equivalent (ex. GPEN) certification within 6 months of employment.</li> </ul> </li> <li>Senior Penetration Tester <ul> <li>Develop or recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists.</li> <li>Have or attain OSEP or equivalent (ex. GXPN) certification within 6 months of employment.</li> </ul> </li> </ul> Other Desired Attributes <ul> <li>Certifications include, but not limited to specialized penetration testing certifications recognized to text web application, mobile device, WiFi, and cloud.</li> <li>Public Trust background check (Limited Requirement)</li> <li>Must be able to do some light lifting</li> <li>College degrees may be a substitute for up to two years experience for Bachelor&rsquo;s degrees. 4 Years for Master&rsquo;s degrees.</li> </ul> <p>NOTE: EC-Council certifications will not be considered as having met requirements for KSA.</p>