Join KCG’s elite division, KCG Cyber Attack and Penetration Division, providing the best in threat simulation services to our commercialclients.
Do you think you have what it takes to join KCG’s elite Cyber Attack Penetration Division? Do you dream in binary and live for exploiting systems? Do you think outside the box, love to learn, and are passionate about helping clients improve their security posture? Then you might be a good fit for KCG’s Cyber Attack Penetration Division (CAPD).
As a Senior Penetration Tester, you conduct highly technical security assessments for our commercial clients. You are comfortable switching between assessment types, and well-versed in many attack techniques. This includes goal-focused exploitation, identifying realistic risks, and clearly communicating your findings and recommendations to key stakeholders. You are at home explaining your analyses and recommendations to both executives and technical personnel and understand that no two clients are alike. As a subject matter expert in cyber exploitation, you conduct penetration tests that are well-defined and diverse. You work well independently with little supervision, but also enjoy a strong team that shares information freely. If the idea of discovering a zero-day vulnerability, chaining exploits together, and helping clients understand risk and improve their security excites you, then this might be the job for you.
- Conduct a variety of penetration tests for high-end commercial clients
- Prepare and deliver quality reports that comprehensively and clearly explain risk, demonstrate findings, and offer tactical and strategic recommendations to clients
- Deliver debriefing presentations to key stakeholders
- Research the latest exploit methodologies and transfer knowledge to other team-members
- Deliver course content to technical personnel
- Represent KCG at conferences, podcasts, webinars, articles, etc.
- Assist clients with deploying security testing tools (e.g., Metasploit Pro, Nexpose)
Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Must be clearable to the Top Secret level.
Demonstrated expertise with:
- Internal network penetration testing
- External network penetration testing
- Web application penetration testing
- Social engineering penetration testing
- Wireless penetration testing
- Physical security penetration testing
- Mobile application penetration testing
- Report writing
- One or more scripting languages: Python, PowerShell, Bash, Perl
- The following tools: Metasploit Pro, BurpSuite Pro, Nmap, vulnerability scanning tools (Nexpose, Nessus), disassemblers/debuggers (IDA Pro, GDB), packet capturing tools (Wireshark, DSniff), Aircrack, OCL-Hashcat, Netcat, regular expression and stream manipulation tools (Grep, Awk, Sed)
- Self motivated, entrepreneurial spirit, and able to work in an independent manner
- Strong attention to detail while being able to think ‘outside-the-box’ as needed to achieve results
Other Qualifications (desired):
- Reverse engineering / exploit development
- CISSP, GPEN, OSCP, CEPT, CEH a plus
- Publications and/or conference speaking experience
- Familiarity with compliance regulations such as PCI-DSS, HIPAA, NIST, FERPA, FISMA, ISO, NIST, etc.