Penetration Tester

$97,500 - $173,675/Yr

Navy Federal Credit Union - Vienna, VA

posted 4 months ago

Full-time - Mid Level
Remote - Vienna, VA
Credit Intermediation and Related Activities

About the position

The Penetration Tester role at Navy Federal involves conducting comprehensive penetration testing across various systems to identify vulnerabilities and provide remediation guidance. The position requires expertise in application, network, wireless, and mobile assessments, as well as leading red team campaigns. The tester will work closely with engineering teams to enhance the organization's security posture and manage risks effectively, all while operating under limited supervision.

Responsibilities

  • Independently manage penetration tests from inception through delivery.
  • Scope assessments and establish rules of engagement.
  • Design penetration tests for systems and applications using established assessment frameworks.
  • Source and leverage information such as source code and architecture diagrams to enhance assessment coverage.
  • Coordinate and schedule testing with engineering teams across the enterprise.
  • Manage relationships and communicate with engineering teams before, during, and after testing.
  • Act as subject matter expert with engineering teams when communicating results and remediation steps.
  • Act as a technical lead for multi-resource engagements.
  • Identify and prescribe remediation for vulnerabilities in NFCU applications, systems, and networks.
  • Leverage complex tactics including lateral movement, network tunneling, credential compromise, and hash cracking.
  • Lead red team exercises focusing on stealth and realistic threats.
  • Enhance testing by identifying novel attack patterns against NFCU systems.
  • Perform attacks consistent with common threats and uncommonly observed attacks.
  • Research and develop exploits for local and remote targets.
  • Craft proofs of concept and deployable exploits for vulnerabilities.
  • Create and automate custom fuzzing techniques relevant to NFCU technologies.
  • Develop custom scripts to check for security requirements specific to applications.
  • Communicate complex technical risks concisely to non-technical and executive audiences.
  • Employ OpSec best practices to minimize distribution of vulnerability data.
  • Mentor and support junior staff across the security organization.
  • Perform other duties as assigned.

Requirements

  • Bachelor's Degree in Information Technology, Electrical Engineering, Computer Science, or equivalent experience.
  • Advanced hands-on experience in cybersecurity and application security, specifically in penetration testing or red teaming.
  • Advanced knowledge of MITRE ATT&CK and/or CAPEC Frameworks.
  • Experience testing against Active Directory environments.
  • Experience testing against both Linux and Windows systems.
  • Experience developing custom malware and evading EDR solutions.
  • Experience coding in languages such as Python, JavaScript, Bash, PowerShell, Java, C#, C++, Spring Boot, React, Node.js.
  • Advanced networking knowledge including IPv4/6, DNS, TCP/UDP, TLS/SSL, SSH, HTTP, SOCKS.
  • Advanced knowledge of modern cryptographic hashing and encryption methods.
  • Advanced organizational, planning, and time management skills.
  • Advanced communication, presentation, and analytical skills.

Nice-to-haves

  • Advanced degree in Information Technology, Electrical Engineering, Computer Science, or equivalent experience.
  • At least one of the following certifications: OSCP, OSCE, OSEE, OSWE, OSWP, CREST penetration testing certifications.
  • Experience writing enterprise applications or performing techniques such as source code review.
  • Experience leading testing engagements end to end.
  • Advanced knowledge of Navy Federal's functions and operations.

Benefits

  • Highly competitive pay
  • Generous benefits and perks
  • Hybrid workplace options
  • Career development opportunities
  • Recognition for teams and individual contributions