Mid-Level Penetration Tester

About the position

Tyto Athene is seeking a Mid-Level Penetration Tester to support cybersecurity efforts for clients in Arlington, Virginia. The role involves conducting vulnerability assessments, penetration tests, and social engineering tests, while analyzing technical security weaknesses and developing exploits. The ideal candidate will have a strong technical background in system architecture, operating systems, and network infrastructure, along with experience in manual penetration testing and the use of various security tools.

Responsibilities

• Conduct vulnerability assessments
• Carry out penetration tests and perform social engineering tests
• Analyze technical security weaknesses
• Perform risk analyses and develop exploits
• Research and maintain proficiency in tools, techniques, countermeasures, and trends in computer and network vulnerabilities, data hiding, and encryption
• Develop tools, techniques, training, and countermeasures for computer and network vulnerabilities, data hiding, and encryption.

Requirements

• Bachelor's degree in Computer Science, Information Technology, or related field and 8 years of relevant experience, or a Master's degree and 4 years
• Strong technical background in system architecture and design, operating systems, network infrastructure, software installation, software development, and databases
• Experience in Security, Software Development, Networking, and/or Systems Administration
• Understanding of 3-tiered Web Applications and Mobile Application Architectures
• Manual Penetration Testing Experience (e.g., mapping applications, injecting SQLi, XSS, XXE, exploit creation)
• Commercial Web Application Tool Experience (e.g., BurpSuite, AppScan, WebInspect)
• Network Penetration Testing Tool Experience (e.g., Nmap, Nessus, Wireshark, Metasploit, Hydra, John)
• Exceptional communication skills to explain technical details of vulnerabilities to various stakeholders.

Nice-to-haves

• PNPT - Practical Network Penetration Tester certification
• OSCP - Offensive Security Certified Professional certification
• CRTO - Certified Red Team Operator certification
• CRTP - Certified Red Team Professional certification
• Web Services Security Penetration Testing Experience
• Commercial Network Penetration Testing Tool Experience (e.g., Metasploit, Cobaltstrike)
• Experience with Open Source Tools (e.g., Powershell Empire, PowerSploit, Impacket, Rubeus, Mimikatz)
• Software Development and/or Scripting Experience in PowerShell, .NET, C++, Java, C#, Perl, Python, or Bash
• Experience with Virtual Machine technologies
• Database Experience (DBA or security penetration testing)
• Source Code Review (Static Code Analysis) experience
• Good technical writing skills and attention to detail.

Benefits

• Opportunities for career growth and development
• Innovative and collaborative work environment
• Support for creativity and teamwork