Cybersecurity operations tester tier-1

Posted: Nov. 17, 2023, 12:34 p.m. - Full Time - Remote

Hellfire Security is a young and dynamic international company focusing solely on cybersecurity Assessment and Managed Security Services. We are looking for Cybersecurity Operations Testers that can help us assess customer applications.

Responsibilities

  • Perform penetration tests from both the outside and the inside of a customer network
  • Assess customer applications using both black-box and grey-box approaches
  • Log all activity, collect tool output, and capture evidence
  • Secure work product to prevent accidental disclosure
  • Set up lab environments for reverse engineering and attack POCs
  • Provide Daily Status Reports to team leads
  • Contribute to customer reports

Required Skills

  • 3-5 years of experience in performing penetration tests against mobile, web, and enterprise applications, including APIs
  • Experience testing traditional web applications such as PHP, ASPX, and JSP as well as more modern applications such as those based on NodeJS
  • Experience testing a variety of APIs, including REST and WebSocket APIs, using a variety of data structures such as XML and JSON
  • Experience using tools such as testssl, dirbuster, Burp Suite and SoapUI for testing web applications and APIs
  • Experience using tools such as class-dump, clutch, gdb, cycript, apktool, sqlite manager, drozer, and frida for testing mobile applications
  • Experience manually executing attacks such as XSS, CSRF, SQL Injection, Command Injection, XXEi, LFI, SSRF, etc.
  • Experience with the OWASP testing guide
  • Intermediate knowledge of Windows and Linux
  • Good knowledge of programming languages such as JavaScript, PHP, Java, Python, or C
  • Can write concise and meaningful reports to both upper management and technical level audiences

Preferred Skills

  • Experience debugging applications with tools such as gdb, IDA, Ghidra, and valgrind
  • Experience fuzzing application input via the network and file system using tools such as spike
  • Experience with automated code review using tools such as cppcheck and GoSec
  • Experience with manually reviewing code written in C, Go, or other similarly compiled languages for flaws
  • Experience with the OWASP mobile testing guide and Software Assurance Maturity Model
  • Good knowledge of TCP/IP and other application and network level protocols
  • Ability to provide suggestions to remediate vulnerabilities
  • GWAPT or OSWA certification

Qualifications

  • Ability to self-manage including planning, providing status updates and metrics
  • Can communicate well (written and spoken)
  • Can work alone or in a team
  • Good organization skills
  • Good time management
  • Responds well to criticism and encouragement from co-workers and customers

We welcome all candidates with or without certification or degree. A brief skills assessment will, however, follow the initial interview, so be prepared.