Vulnerability Assessment Analyst and Penetration Tester 4
Apply NowCompany: NexThreat
Location: Camp Pendleton, CA 92055
Description:
Location: MCTSSA, Camp Pendleton North, California
Job Category: Information Technology
Time Type: Full time, core hours Monday through Friday, 0800-1600, excluding government holidays
Potential for Telework: No
Minimum Clearance Required to Start: Must have a TS Clearance and possess an SCI clearance within the last two years
Employee Type: W2 or 1099
Citizenship: US Citizen (non-dual citizenship)
NexThreat is seeking a Vulnerability Assessment Analyst and Penetration Tester 4. The responsibilities will revolve around the identification and exploitation of security weaknesses within software systems. Tasking includes discovering previously unknown vulnerabilities employing a diverse array of techniques, including fuzzing, reverse engineering, and binary analysis. This role involves developing reliable and effective exploits for these vulnerabilities, with a focus on diverse target platforms and applications. Must stay up to date with the latest security trends and exploit mitigations, continually honing skills to craft innovative and evasive techniques for bypassing security mechanisms. Ethical hacking, responsible disclosure, and clear documentation of findings will be essential.
Specific Requirements:
- Verify the mean time to detect a vulnerability (the average amount of time between the beginning of a vulnerability and the discovery of the vulnerability).
- Conduct total risk remediation. This metric will illustrate the effectiveness of vulnerability assessment.
- Identify the number of assets that are vulnerable. This metric will utilize a vulnerability management tool that includes auto-discovery functionality to detect new systems on the network.
- Track open vulnerabilities. This metric illustrates current technical debt across all systems. The numerical value of open vulnerabilities is not a risk rating. The value of the metric is realized when combined with other metrics to prioritize a vulnerability remediation process for critical systems.
Required Qualifications:
- Extensive expertise in cybersecurity, with a deep understanding of vulnerabilities and exploit techniques.
- Proven track record of discovering and responsibly disclosing zero-day vulnerabilities.
- Advanced skills in reverse engineering, binary analysis, and exploit development.
- Proficiency in programming and scripting languages, particularly C, C++, Python, and Assembly.
- Hands-on experience in developing reliable and effective exploits for various target systems and applications.
- In-depth knowledge of memory corruption vulnerabilities (e.g., buffer overflows, use-after-free).
- Familiarity with fuzzing techniques and experience running fuzzers to identify software flaws.
- Strong understanding of exploit mitigations and countermeasures.
- Expertise in evasion techniques and bypassing security mechanisms. Capability to develop and deploy custom tools for vulnerability discovery and exploit development.
- Excellent problem-solving skills, creativity, and the ability to adapt to new attack surfaces.
- Effective communication skills for documenting and presenting findings, as well as explaining exploit details.
- Commitment to ethical hacking principles and responsible disclosure practices.
Certifications:
Must have relevant certifications such as OSED, GXPN, or similar advanced security certifications.
Job Category: Information Technology
Time Type: Full time, core hours Monday through Friday, 0800-1600, excluding government holidays
Potential for Telework: No
Minimum Clearance Required to Start: Must have a TS Clearance and possess an SCI clearance within the last two years
Employee Type: W2 or 1099
Citizenship: US Citizen (non-dual citizenship)
NexThreat is seeking a Vulnerability Assessment Analyst and Penetration Tester 4. The responsibilities will revolve around the identification and exploitation of security weaknesses within software systems. Tasking includes discovering previously unknown vulnerabilities employing a diverse array of techniques, including fuzzing, reverse engineering, and binary analysis. This role involves developing reliable and effective exploits for these vulnerabilities, with a focus on diverse target platforms and applications. Must stay up to date with the latest security trends and exploit mitigations, continually honing skills to craft innovative and evasive techniques for bypassing security mechanisms. Ethical hacking, responsible disclosure, and clear documentation of findings will be essential.
Specific Requirements:
- Verify the mean time to detect a vulnerability (the average amount of time between the beginning of a vulnerability and the discovery of the vulnerability).
- Conduct total risk remediation. This metric will illustrate the effectiveness of vulnerability assessment.
- Identify the number of assets that are vulnerable. This metric will utilize a vulnerability management tool that includes auto-discovery functionality to detect new systems on the network.
- Track open vulnerabilities. This metric illustrates current technical debt across all systems. The numerical value of open vulnerabilities is not a risk rating. The value of the metric is realized when combined with other metrics to prioritize a vulnerability remediation process for critical systems.
Required Qualifications:
- Extensive expertise in cybersecurity, with a deep understanding of vulnerabilities and exploit techniques.
- Proven track record of discovering and responsibly disclosing zero-day vulnerabilities.
- Advanced skills in reverse engineering, binary analysis, and exploit development.
- Proficiency in programming and scripting languages, particularly C, C++, Python, and Assembly.
- Hands-on experience in developing reliable and effective exploits for various target systems and applications.
- In-depth knowledge of memory corruption vulnerabilities (e.g., buffer overflows, use-after-free).
- Familiarity with fuzzing techniques and experience running fuzzers to identify software flaws.
- Strong understanding of exploit mitigations and countermeasures.
- Expertise in evasion techniques and bypassing security mechanisms. Capability to develop and deploy custom tools for vulnerability discovery and exploit development.
- Excellent problem-solving skills, creativity, and the ability to adapt to new attack surfaces.
- Effective communication skills for documenting and presenting findings, as well as explaining exploit details.
- Commitment to ethical hacking principles and responsible disclosure practices.
Certifications:
Must have relevant certifications such as OSED, GXPN, or similar advanced security certifications.