Job Description : - Perform network penetration, web and mobile application testing, source code reviews, threat analysis, wireless network assessments, and social-engineering assessments - Develop comprehensive and accurate reports and presentations for both technical and executive audiences - Effectively communicate findings and strategy to stakeholders including technical staff, executive leadership, and other relevant parties - Recognize and safely utilize attacker tools, tactics, and procedures - Develop scripts, tools, or methodologies to enhance firm's Technology's red team / threat hunting processes - Assist with scoping prospective engagements, leading engagements from kick-off through remediation, and mentoring less experienced staff - Certifications: OSCP, OSCE, OSWP, AWAE, GPEN, GWAPT, GMOB, GXPN or similar - 5 plus years' experience in at least three of the following: - Network penetration testing and manipulation of network infrastructure - Mobile and/or web application assessments - Email, phone, or physical social-engineering assessments - Shell scripting or automation of simple tasks using Perl, Python, or Ruby - Developing, extending, or modifying exploits, shellcode or exploit tools - Developing applications in C#, ASP, .NET, Objective C, Go, or Java - Reverse engineering malware, data obfuscators, or ciphers - Source code review for control flow and security flaws - Strong knowledge of tools used for wireless, web application, and network security testing - Thorough understanding of network protocols, data on the wire, and covert channels - Mastery of Unix/Linux/Mac/Windows operating systems, including bash and PowerShell - Ability to document and explain technical details in a concise, understandable manner - Ability to manage and balance own time among multiple tasks, and lead junior staff when required (ref:hirist.com)