Careers with CyberMaxx

CyberMaxx is looking to add top talent to our growing team. If you’re looking for a great place to build a career with fantastic growth opportunities, apply today!

SENIOR PENETRATION TESTER 

POSITION SUMMARY

Running nmap and a vulnerability scanner is not a penetration test. CyberMaxx's Offensive Security Team attacks and exploits networks and applications. The Offensive Security Team is looking for a senior penetration tester to join our small team. This role will work primarily on commercial sector projects performing offensive engagements (application, network, mobile, wifi penetration testing, social engineering, red teaming, specialty security assessments) and otherwise support ongoing offensive operations and infrastructure.

The person who takes this role will first and foremost be deeply technical, able to oversee and execute high-quality penetration tests while maintaining client satisfaction, lead projects through the whole project life cycle and deliver on time, and possess strong communication skills with clients and other team members. There are no "rock stars" or "ninjas" on our team - we collaborate to be the best we can collectively be at breaking into networks and applications.


PRIMARY DUTIES | RESPONSIBILITIES 

  • Plan and execute full life cycle offensive operations. This includes project scoping, resource assignment recommendations, some RFP/SoW work, performing the penetration test, communicating progress with clients, writing professional quality reports, and presenting findings to executive and technical audiences.
  • Effective communication. Writing and presenting are a large part of professional penetration testing. Senior penetration testers are expected to excel at communicating with client audiences (executive and technical audiences), and be good communicators within the team while collaborating on projects.
  • Perform application penetration tests. Application pentests often include thick client, API, mobile SDK, and web applications from black, gray, and whitebox perspectives.
  • Perform network penetration tests. External, internal, and wifi network penetration testing. Capable of penetrating multiple platforms in enterprise environments. Familiarity with attacking Active Directory.
  • Social engineering. Strong spear-phishing skills (both credential harvesting and remote code execution), ability to customize an attack for a client and build creative storylines that persuade targets to act on our lures.
  • Contribute towards team tool kit, lab, and attack infrastructure. Become a regular contributor to team wiki and git repositories.
  • Ability to train/mentor others in adversary techniques
  • Follow primary source cyber security feeds, publications, and articles to remain current on tradecraft and vulnerabilities. Capable of curating relevant information and acting on it on engagements or updating internal playbooks.  
  • Interface with clients and staff with professionalism and an overall positive attitude. A variety of problems will arise and will be dealt with, but senior staff will proactively construct solutions. Negative demeanors are not a fit for the team.

QUALIFICATION | SKILLS 

  • Exceptional troubleshooting and analytical abilities
  • Senior-level experience with enterprise penetration testing. Must be strong at network and application testing for this senior position
  • Seniority with Linux and Windows. Must have strong practical experience in both environments
  • Senior-level network experience. PCAP interpretation and parsing, understanding of L1-8 protocols
  • Rich experience exploiting vulnerabilities
  • Strong with pivoting and tunneling to traverse network segments and chains of compromise
  • Capable of managing multiple projects at once
  • Time flexibility to deliver client off-hour testing requirements
  • Great written and verbal communication
  • Comfortable with online collaboration-based workflow. Encrypted chat is used to collaborate with remote colleagues and reports are written as a group in many cases
  • Discretion. Accessing the CEO's inbox at $FORTUNE500 is not something that can be discussed with friends or your Twitter feed. General discretion and mature opsec practices are expected 

DESIRED

The role currently being filled must be professionally qualified in one of the following areas:
  • Development: Any of Go, Python, PowerShell, C#, and shell. Development would be to support offensive operations, such as custom applications for spear phish attacks, C2 infrastructure, and maintaining forks of tools to eliminate signatures and implement private features
  • Systems Engineering / DevOps: Ansible, Terraform, or other automation infrastructure-as-code frameworks
  • Red Teaming: Seasoned hacker capable of getting in, obtaining crown jewels, and getting out relatively undetected. Strong with AV/EDR evasion
  • IaaS Providers: Strong technical skills in any of AWS, Azure, or GCE. Capable of penetration testing and gap analysis specific to IaaS providers. Comfortable with CLI/API for at least one of these providers
  • Ability to occasionally travel. Our team's workload is predominately remote but for occasional onsite requirements senior staff needs to be able to travel to client locations and maintain a good image for the company and team 

We are a company that cares deeply for its employees, and we understand that all of us have lives outside of work. We encourage a balanced life, and we’ll do everything we can to ensure you find us a welcoming, inclusive company. We encourage people of all backgrounds and identities to apply.

BENEFITS | PERKS

  • 100% remote work: Anywhere in the US or Ireland
  • Medical, dental, and vision coverage
  • 401(k) with match
  • Telephone and/or internet reimbursement
  • Life Insurance
  • HSA/FSA available
  • Paid Training
  • Unlimited PTO

ABOUT CYBERMAXX 

CyberMaxx provides operational cybersecurity solutions that protect large healthcare, financial services, and other security-sensitive organizations' technology assets. We prevent, detect, and respond to cyber-attacks through 24/7/365 managed security services so our clients can spend their time, talent, and budget on running their businesses without worrying about being in the headlines.

With more than 20 years of experience, we have been consistently rated as one of the top Managed Detection and Response (MDR) Service Providers in the US, have been named a Perennial “Best Places to Work” by the Nashville Business Journal and The Tennessean, and are one of CIOReview’s Top 20 Most Promising Cyber Security Solution Providers.

Want to join the CyberMaxx team?

Let's connect!