Offensive Security Consultant

VerSprite

VerSprite is an Inc. 5000 2020 fastest-growing company and an industry leader in PASTA threat modeling. Founded in 2007, VerSprite is a private cybersecurity consulting firm that helps organizations tighten their risk gaps with evolved security solutions and advanced threat intel tools.

VerSprite has a 97% client retention rate, providing organizations with services such as penetration tests, evolved red teaming engagements, vCISO, and vSOC, as well as VerSprite’s advanced security tools: Cloud Security Assessment Platform and Cyber Threat Intelligence Portal.

Penetration Tester / Offensive Security Consultant
Are you an ethical hacker looking to turn your early experience into a long-term career? Do you strive to upgrade your technical skills and take on challenging pentests? VerSprite is looking for a Penetration Tester who’s passionate about deep-dive pentesting and eager to expand their offensive security knowledge. If this sounds like you, we’d like to chat.
 
---
Responsibilities
  • Perform Web (Apps/Services/APIs) and Network (Internal/External/Cloud) Pentests
  • Develop and properly document proof-of-concepts for real-world exploitation scenarios of the discovered vulnerabilities, with enough detail that they can be easily reproduced
  • Analyze vulnerabilities and deliver clear and coherent written reporting
  • Provide clients with the technical risk associated with all reported findings while recognizing their true business impact
  • Support all reported vulnerabilities with their remediation guidance
  • Collaborate with other team members (Test Lead, Team Lead and fellow consultants) on penetration tests and red teaming engagements
  • Execute projects in line with the rules of engagement and complete them within defined deadlines as required
  • Continuously learn and stay up to date with the latest attack techniques, tools, and methodologies
---
Requirements
  • Solid fundamentals in Web (Apps/Services/APIs) and network pentesting (2+ years). Pentesting experience in mobile apps (iOS/Android) is desirable.
  • Experience with Social Engineering through Phishing Campaigns, Source Code Analysis, Cloud environments and Auditing Smart Contracts is definitely a great bonus.
  • Solid understanding of common webapp vulnerabilities, exploitation techniques, and remediation options
  • Solid foundation in network protocols (HTTP, SSH, SMTP, etc.) and their typical security issues
  • Solid knowledge of common security concepts (crypto, AAA, AD security, SSO, OS Security, etc.) and practical offensive techniques (SSH tunneling, pivoting, OSCP equivalent knowledge)
  • Proficient in developing in at least two languages, ideally one Web and one Scripting: Python, Ruby, Swift, Golang, C/C++, .NET, PHP, JS, BASH, etc.
  • Passion for learning new technologies and processes, and contributing to refining existing capabilities
  • Experience developing custom scripts or tools to enhance penetration testing and improve automation of repetitive tasks
  • Work well under pressure and in a fast-paced environment
 

Benefits

We offer a competitive compensation package where you’ll be recognized for the value you bring to our business, along with:

  • Opportunities to develop new skills and progress your career;
  • The freedom and flexibility to handle your role in a way that’s right for you; and
  • A collaborative environment where everyone works together to create a better working world

If this seems intriguing to you, please apply! We will reach out promptly to discuss your fit and additional job details.