Join KCG's elite division, the KCG Cyber Attack & Penetration Division, providing services to commercial and federal customers.
Candidate will be responsible for performing various security assessments, educating the client on the inherent risks, and providing meaningful hardening and mitigation strategies. Job responsibilities include network and web-based application penetration tests, physical security assessments, logical security audits, social engineering assessments, and hands-on technical security evaluations and implementations. Additionally, this person will be expected to develop subject matter expertise or focused capabilities in the topics of database security, wireless security, or application and development security.
- Conduct network and web-based application penetration tests
- Conduct physical security assessments
- Conduct logical security audits and hands-on technical security evaluations and implementations
- Develop subject matter expertise or focused capabilities in the topics of database security, wireless security, or application and development security
- Conduct wireless security assessments
- Conduct social engineering assessments
- Conduct mobile application assessments
Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Must be clearable to the Top Secret level.
Demonstrated technical experience with:
- Web Application Penetration Testing
- Internal and External Penetration Testing
- Wireless Penetration Testing
Must also have:
- Two plus years of experience in information security with specific application penetration testing experience.
- Experience looking for security issues such as Cross Site Scripting, SQL Injection, Buffer Overflows, etc.
- Familiarity with penetration testing tools such as Kali, Metasploit, Nmap, Wireshark, web proxies (e.g., Burpsuite, Paros), vulnerability scanning tools (e.g., Nessus, Nexpose, etc.), disassemblers/debuggers (e.g., IDA Pro, GDB, etc.).
- Experience with one or more scripting languages (e.g., Python, Powershell, Bash, etc.).
Technical writing experience (required):
- Security assessment reports
- Standard operating procedures documents
- Formal policy and procedure documents
- Excellent written and oral communication skills.
- Self-motivated, entrepreneurial spirit, and able to work in an independent manner.
Other Qualifications (desired):
- Familiarity with Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP) and National Institute of Standards and Technology (NIST) Special Publications.
- Familiarity with compliance regulations such as Payment Card Industry Data Security Standard (PCI-DSS), Health Insurance Portability and Accountability Act (HIPAA), ISO 27000 series, SOC, NIST, Family Educational Rights and Privacy Act (FERPA), Federal Information Security Management Act (FISMA), etc.
- CISSP, GPEN, CEH, CEPT, LPT, OSCP certification a plus.
- Advanced degree in an IT related field a plus.
- Working knowledge of firewalls and other network security products.
- Knowledge of applied cryptographic protocols.
- Familiarity with XML, SOAP, and Ajax.
- Familiarity with regular expressions and/or stream manipulation tools (e.g., grep, awk, sed).
- Experience with mobile application assessment tools (e.g., Cycript, adb, class-dump-z, etc.).