Cybersecurity operations tester tier-1

Posted: July 1, 2022, 11:47 a.m. - Full Time - Remote

Hellfire Security is a young and dynamic international company focusing solely on cybersecurity Assessment and Managed Security Services. We are looking for Cybersecurity Operations Testers that can help us assess customer networks, systems, and applications.

Responsibilities

  • Perform penetration tests from both the outside and the inside of a customer network
  • Assess customer networks, and applications using both black-box and grey-box approaches
  • Log all activity, collect tool output, and capture evidence
  • Secure work product to prevent accidental disclosure
  • Setup lab environments for reverse engineering, attack tests, and payload survivability testing
  • Provide Daily Status Reports to team leads
  • Contribute to customer reports

Required Skills

  • 3-5 years of experience in network penetration testing of both the perimeter and the internal network
  • Experience using Google Dorks, theharvester, fierce, dnsmap, nslookup, dig, nmap, ftp, snmpwalk, netcat, dirbuster, and burp
  • Experience using ettercap, yersinia, Wireshark, mitmproxy, impacket, and metasploit
  • Experience executing attacks such as ARP poisoning, NBNS/DNS spoofing, and types of other IPv4 and IPv6MiTM attacks including those that involve TLS interception
  • Experience with local privilege escalations, SAM dumps, Active Directory attacks, and SMB attacks such as PassTheHash and NTLMRelay
  • Good knowledge of TCP/IP and other application and network level protocols
  • Experience building password lists and executing password guessing
  • Intermediate knowledge of Windows and Linux
  • Can write concise and meaningful reports to both upper management and technical level audiences

Preferred Skills

  • Experience reverse engineering authentication processes and authoring password guessing scripts to emulate
  • Experience bypassing port security, network access control (NAC), and firewall rules
  • Experience executing remote social engineering attacks such as phishing using a click link, open attachment, or disclose information scenario
  • Experience executing in-person social engineering attacks such as tail-gating and impersonation
  • Good knowledge of programming languages such as JavaScript, PHP, Java, python, or C
  • Experience with the PTES framework
  • Ability to provide suggestions to remediate vulnerabilities
  • GPEN, GXPN, OSCP, or OSEP certification

Qualifications

  • Ability to self-manage including planning, providing status updates and metrics
  • Can communicate well (written and spoken)
  • Can work alone or in a team
  • Good organization skills
  • Good time management
  • Responds well to criticism and encouragement from co-workers and customers

We welcome all candidates with or without certification or degree. A skills test, however, must be passed in order to qualify for an interview.