Navy Federal Credit Union - San Diego, CA

posted 2 months ago

Full-time - Mid Level
San Diego, CA
Credit Intermediation and Related Activities

About the position

As a Penetration Tester at Navy Federal Credit Union, you will play a critical role in enhancing the security posture of the organization by performing comprehensive penetration testing across various systems. Your primary responsibility will be to identify vulnerabilities and provide actionable remediation guidance to relevant teams. This position requires you to conduct assessments on applications, networks, wireless systems, and mobile platforms, as well as lead red team campaigns to simulate real-world attack scenarios. You will assess a wide variety of critical systems and applications to discover exploitable risks, ultimately improving the risk posture of the credit union. Your work will be performed under limited supervision, allowing you to take ownership of your projects and deliver impactful results. In this role, you will independently manage penetration tests from inception through delivery. This includes scoping assessments, establishing rules of engagement, and designing penetration tests tailored to specific systems and applications. You will leverage various information sources, such as source code and architecture diagrams, to enhance assessment coverage. Effective communication and relationship management with engineering teams will be essential, as you will coordinate and schedule testing, act as a subject matter expert, and communicate results and remediation steps clearly. You will also be responsible for identifying and prescribing remediation for vulnerabilities in NFCU applications, systems, and networks. This will involve employing complex tactics, leading red team exercises, and enhancing testing methodologies by identifying novel attack patterns. Your technical expertise will be crucial in crafting proofs of concept and developing custom scripts to check for security requirements specific to individual applications. Additionally, you will mentor and support junior staff, fostering a collaborative and knowledgeable security organization.

Responsibilities

  • Independently manage penetration tests from inception through delivery.
  • Scope assessments and establish rules of engagement.
  • Design penetration tests for systems and applications using established assessment frameworks.
  • Source and leverage information such as source code and architecture diagrams to enhance assessment coverage.
  • Coordinate and schedule testing with engineering teams across the enterprise.
  • Effectively manage relationships and communicate with engineering teams before, during, and after testing.
  • Act as subject matter expert with engineering teams when communicating results, preventative measures, and remediation steps.
  • Act as a technical lead for multi-resource engagements.
  • Identify and prescribe remediation for vulnerabilities in NFCU applications, systems, and networks.
  • Leverage complex tactics including lateral movement, network tunneling/pivoting, credential compromise, and hash cracking.
  • Lead red team exercises with a focus on stealth, long campaigns, social engineering, and realistic threats.
  • Enhance testing by identifying novel attack patterns against NFCU systems and applications based on real-world data.
  • Perform attacks consistent with common threats (e.g., OWASP top 10) as well as uncommonly observed attacks specific to certain technologies and frameworks.
  • Research and develop exploits for local and remote targets.
  • Craft proofs of concept as well as deployable exploits for both public and novel vulnerabilities.
  • Create and automate custom fuzzing leveraging techniques relevant to NFCU technologies.
  • Develop custom scripts (Nuclei, Python, etc.) to check for security requirements specific to individual applications.
  • Communicate complex technical risks concisely to non-technical and executive audiences.
  • Effectively employ OpSec best practices to minimize distribution of vulnerability data.
  • Mentor and support more junior staff across the security organization.
  • Perform other duties as assigned.

Requirements

  • Bachelor's Degree in Information Technology, Electrical Engineering, Computer Science, or equivalent combination of education, training, or experience.
  • Advanced hands-on experience in cybersecurity and/or application security, with penetration testing or red teaming as the primary role.
  • Advanced knowledge of MITRE ATT&CK and/or CAPEC Frameworks.
  • Experience testing against Active Directory environments.
  • Experience testing against both Linux-based and Windows-based systems.
  • Experience developing custom malware and evading EDR solutions.
  • Experience coding in languages and frameworks such as Python, JavaScript, Bash, PowerShell, Java, C#, C++, Spring Boot, React, Node.js.
  • Advanced networking knowledge spanning IPv4/6, DNS, TCP/UDP, TLS/SSL, SSH, HTTP, SOCKS.
  • Advanced knowledge of modern cryptographic hashing & encryption methods and best practices.
  • Advanced organizational, planning, and time management skills.
  • Advanced communication, presentation, and analytical skills.

Nice-to-haves

  • Advanced degree in Information Technology, Electrical Engineering, Computer Science, or equivalent combination of education, training, or experience.
  • At least one of the following certifications: OSCP, OSCE, OSEE, OSWE, OSWP, CREST penetration testing certifications ("Registered" and "Certified" levels such as CRT or CCSAS).
  • Experience writing enterprise applications or performing techniques such as source code review, pair programming, etc.
  • Experience leading testing engagements end to end.
  • Advanced knowledge of Navy Federal's functions, philosophy, operations, and organizational objectives.

Benefits

  • Highly competitive pay
  • Generous benefits and perks
  • Hybrid workplace options
  • Opportunities for professional development
  • Recognition for diversity and inclusion efforts
  • Support for work-life balance