pen tester

company i work for is looking to hire someone in the DC area, here is the job description. please PM if you are interested. i dont know how much they are offering. but i can put you in connecting with HR. this is a contacting company.
(before they advertise jobs, they usually ask current employees if they know anyone)

[h=1]Description[/h] We are looking for a Vulnerability Research & Exploit Development Lead to support an important government customer in Washington, D.C.

This position is contingent upon Contract Award and Customer Approval.
As a Vulnerability Research & Exploit Development Lead you will need background knowledge of creating zero-day exploits to be used in red team/penetration testing. Expert knowledge in researching and testing new technology. Lastly, background in managing in lab environment.
Requirements
TS/SCI Clearance
BS in related field with 8+ years of related experience and 2+ years of management experience
Windows, Linux, McAfee or CISCO certification
IAT Level II (GSEC, Security+, or SSCP) certifications
CND-A (CEH, GCIA or GCIH) certifications
OSCP and OSCE certifications
Experience manipulating application vulnerabilities (buffer overflows, weak encryption, cross site scripting)
Experience discovering and analyzing of exploits through fuzzing, binary code analysis, and reverse engineering
Experience creating exploits with evasion techniques for IDS/HBS
Experience with multiple OS (Unix, Linux, and Windows) and multiple programming languages (C+, ASM, Python, Rugby)
Experience conducting research on Open Source sites to identify vulnerabilities, risks, and related trends and collaborating with risk groups such as US-CERT and CYBERCOM
Experience with malware reverse engineering and developing mitigations for zero-day findings

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

bryguy

22306 wrote: »

company i work for is looking to hire someone in the DC area, here is the job description. please PM if you are interested. i dont know how much they are offering. but i can put you in connecting with HR. this is a contacting company.
(before they advertise jobs, they usually ask current employees if they know anyone)

Description

We are looking for a Vulnerability Research & Exploit Development Lead to support an important government customer in Washington, D.C.

This position is contingent upon Contract Award and Customer Approval.
As a Vulnerability Research & Exploit Development Lead you will need background knowledge of creating zero-day exploits to be used in red team/penetration testing. Expert knowledge in researching and testing new technology. Lastly, background in managing in lab environment.
Requirements
TS/SCI Clearance
BS in related field with 8+ years of related experience and 2+ years of management experience
Windows, Linux, McAfee or CISCO certification
IAT Level II (GSEC, Security+, or SSCP) certifications
CND-A (CEH, GCIA or GCIH) certifications
OSCP and OSCE certifications
Experience manipulating application vulnerabilities (buffer overflows, weak encryption, cross site scripting)
Experience discovering and analyzing of exploits through fuzzing, binary code analysis, and reverse engineering
Experience creating exploits with evasion techniques for IDS/HBS
Experience with multiple OS (Unix, Linux, and Windows) and multiple programming languages (C+, ASM, Python, Rugby)
Experience conducting research on Open Source sites to identify vulnerabilities, risks, and related trends and collaborating with risk groups such as US-CERT and CYBERCOM
Experience with malware reverse engineering and developing mitigations for zero-day findings

I'm sure my college Rugby experience will come in handy.

NovaHax

22306 wrote: »

company i work for is looking to hire someone in the DC area, here is the job description. please PM if you are interested. i dont know how much they are offering. but i can put you in connecting with HR. this is a contacting company.
(before they advertise jobs, they usually ask current employees if they know anyone)

Description

We are looking for a Vulnerability Research & Exploit Development Lead to support an important government customer in Washington, D.C.

This position is contingent upon Contract Award and Customer Approval.
As a Vulnerability Research & Exploit Development Lead you will need background knowledge of creating zero-day exploits to be used in red team/penetration testing. Expert knowledge in researching and testing new technology. Lastly, background in managing in lab environment.
Requirements
TS/SCI Clearance
BS in related field with 8+ years of related experience and 2+ years of management experience
Windows, Linux, McAfee or CISCO certification
IAT Level II (GSEC, Security+, or SSCP) certifications
CND-A (CEH, GCIA or GCIH) certifications
OSCP and OSCE certifications
Experience manipulating application vulnerabilities (buffer overflows, weak encryption, cross site scripting)
Experience discovering and analyzing of exploits through fuzzing, binary code analysis, and reverse engineering
Experience creating exploits with evasion techniques for IDS/HBS
Experience with multiple OS (Unix, Linux, and Windows) and multiple programming languages (C+, ASM, Python, Rugby)
Experience conducting research on Open Source sites to identify vulnerabilities, risks, and related trends and collaborating with risk groups such as US-CERT and CYBERCOM
Experience with malware reverse engineering and developing mitigations for zero-day findings

Damn man. Why don't you add "walks on water" too?

NovaHax

Just kidding...kinda

. That's some brutal requirements man. Good luck with your search.

MrAgent

I was thinking the exact same thing. That's a hell of a lot of requirements. Good luck finding all of that.

lsud00d

It doesn't seem overboard to me for a lead position...rather it seems like stuff you should know for doing vuln research and exploit development. The position does ask for ~8+ years related experience, which is plenty of time to accomplish what's requested in the experience section.

NovaHax

Don't get me wrong, I'm sure there is some people out there who would qualify, but I've worked in security for a while, and have worked with some extremely impressive people, but I don't think I've ever met a person who could check every single one of those boxes. I can think of a few who are only 1 or 2 short, but I can't think of anyone that could check them all.

Obviously the biggest chopping block there would be OSCE. And of all the OSCEs I've know of...they either lack the TS/SCI clearance or are very technically proficient and have little to no interest in management. Its a tough role to fill...that's all.

22306

btw HR and recruiters normally put bunch of stuff in their description but honestly i have friend who was just hired as a system admin(working with servers) and she knows nothing about IT. you just apply and get the first interview and if you well in that interview. you are in.