Lead Cloud Penetration Tester
$150,000 - $165,000/Yr
Wolf Den Associates - Colorado Springs, CO
posted 10 days ago
Full-time - Mid Level
Hybrid - Colorado Springs, CO
Professional, Scientific, and Technical Services
About the position
The Lead Cloud Penetration Tester at Dark Wolf Solutions is a pivotal role focused on assessing and enhancing the security of various products, including hardware, software, and embedded systems. This position requires a deep understanding of penetration testing methodologies and advanced exploit development, with an emphasis on identifying and mitigating vulnerabilities across a wide range of technologies. The role offers the opportunity to work on cutting-edge technologies in a hybrid work environment.
Responsibilities
- Conducting comprehensive penetration testing on hardware, software, and network components.
- Performing advanced vulnerability scanning and assessments on all components.
- Conducting a Cybersecurity evaluation of the product under test to identify vulnerabilities affecting Confidentiality, Integrity, or Availability.
- Providing insights on the impact and effort required to exploit identified vulnerabilities and suggesting high-level remediation strategies.
- Testing complex technologies and mentoring junior testers through advanced testing scenarios.
- Articulating higher-order impacts of identified vulnerabilities.
- Informing clients about how identified vulnerabilities can be chained to create a cyber 'kill-chain'.
- Ensuring quality control on all artifacts generated during the penetration testing process.
- Analyzing software, firmware, hardware, and RF components within the system.
- Developing and executing exploits and proof-of-concept (PoC) attacks to demonstrate the impact of identified vulnerabilities.
- Analyzing and reverse engineering firmware and embedded systems to identify security weaknesses.
- Testing and assessing the security of secure boot processes and Trusted Execution Environments (TEE).
- Conducting web application security assessments, focusing on OWASP Top Ten vulnerabilities and API security testing.
- Performing manual verification of vulnerabilities, assessing their risk and exploitability.
- Engaging in wireless and RF security testing, including penetration testing on Wi-Fi, Bluetooth, and Zigbee networks.
- Utilizing Software Defined Radio (SDR) for protocol reverse engineering and testing.
- Reporting detailed findings and providing actionable recommendations for remediation.
Requirements
- 3+ years' experience in penetration testing and vulnerability assessment.
- Proficiency in firmware analysis, reverse engineering, and binary exploitation.
- Experience in web application security testing and API security assessments.
- Hands-on experience with wireless and RF security testing.
- Advanced knowledge of Software Defined Radio (SDR) and protocol reverse engineering.
- US Citizenship and clearable at a minimum of the Secret Level.
Nice-to-haves
- Bachelor's degree in Cybersecurity, Information Technology, or a related field.
- Proven ability to develop and execute complex exploits and PoC attacks.
- Strong analytical skills and experience in firmware and embedded systems testing.
- Effective communication skills, with the ability to present findings and recommendations clearly.
- Certifications such as OSCP, PNPT, GPEN or similar are highly desirable.
Benefits
- Competitive salary range of $150,000 - $165,000 based on experience and technical skillset.
- Hybrid work environment.
- Opportunities for professional development and training.
