Consultant Penetration Testing | Remote US
About Coalfire Coalfire is the cybersecurity advisor that helps private and public sector organizations avert threats, close gaps, and effectively manage risk. Our professionals are among the most talented in the industry, and each and every day, they strive to provide the unbiased assessments, advice, and innovative solutions that help our clients meet their specific challenges and build long-term strategies to protect their organizations. For nearly 20 years, we’ve been on the cutting-edge of one of the world’s most important industries – and we’re committed to making the world a safer place by solving our clients’ toughest security challenges. Position SummaryCoalfire is composed of highly specialized security testers with a passion for enhancing system security postures. Our team members actively participate in the information security community and have released toolsets, blog posts, and whitepapers. Our team members have presented at numerous industry conferences, including BlackHat, DefCon, ShmooCon, BlueHat, DerbyCon, 44CON, and numerous BSides, about offensive and defensive operations as well as the tools and capabilities we create and share. Come join an amazing technical security team who makes a difference in the information security industry and consistently pushes the limit of offensive and defensive security capabilities. We’re growing rapidly and are currently seeking a Consultant Penetration Tester to support our operations remotely.
What You'll Do
- Conduct network and web application penetration testing, code reviews, social engineering, red team engagements, and physical security assessments
- Conduct security assessments on a wide variety of technologies and implementations
- Simulate sophisticated cyberattacks for clients worldwide
What You'll Bring
- 3+ years experience in information security with web application and network penetration testing experience
- Hands-on experience with two or more scripting languages such as Python, Powershell, Shell, or Ruby
- Deep experience engaging clientele in consulting-related environments
- Experience leading or participating in Red Team engagements
- Reverse engineering malware, data obfuscators, or ciphers
- An aptitude for technical writing, including assessment reports, presentations, and operating procedures
- Strong understanding of security principles, policies, and industry best practices
- Ability to travel up to 20%
Bonus Points
- An advanced degree in an IT-related field
- Familiarity with Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), and National Institute of Standards and Technology (NIST) Special Publications
- Experience with API testing and Mobile Application testing
- Working knowledge of defensive security techniques and technologies
- Experience in exploit development
- CISSP, OSCP/E, GWAPT, GPEN, or GXPN certification(s)
- Familiarity with debuggers and disassemblers