Listing Description
This position reports to the Director, Offensive Cybersecurity Operations and will work as part of the Offensive Cybersecurity Operations Team to test clients' cybersecurity posture using an adversarial approach. The engineer will also work as a member of the Fortalice Government Solutions Team to discover security defects in government clients' systems and networks, define acceptable solutions to fix said defects, and support efforts to develop new cyber capabilities and methodologies. This position requires the engineer to think outside of the box and see problems through the eyes of an adversary with the intent of improving clients’ cybersecurity.
Company standard duties and responsibilities
● Ensure all work and client deliverables are done with excellence.
● Ensure work and client deliverables are completed in a timely manner and all deadlines are met.
● Treat subordinates, peers, and supervisors with kindness, consideration, and respect.
● Adhere to the Doctrine of Completed Staff Work.
● Continuously provide clients and partners with white glove service.
Priority duties and responsibilities
● Recognize and safely utilize attacker tools, tactics, and procedures.
● Participate in Red Team engagements.
● Assist with the following:
○ vulnerability assessments,
○ penetration testing,
○ red team engagements,
○ web and mobile application testing,
○ social engineering assessments,
○ the development of comprehensive and accurate reports and presentations for both technical and non-technical audiences, and
○ scoping prospective engagements.
● Assess and determine the exploitability of targets.
● Identify basic security risks within applications, security controls, and network infrastructure.
● Execute and report on testing activities and outcomes.
● Under the guidance of more senior staff, develop scripts, tools, and/or methodologies to enhance Fortalice’s offensive assessment capabilities.
Other key duties and responsibilities
● Keep abreast of current cybersecurity trends as well as the competitive landscape.
● Conduct research on new security technologies and techniques.
Qualifications
● Bachelor’s degree in computer science, information systems, cybersecurity or a related field OR three (3) years of experience in which the individual was paid to perform red, blue or purple team engagements.
● General technical background preferred.
● Previous information security related experience preferred, e.g., security analysis, malware research, penetration testing, etc.
● Networking or system administration experience preferred.
● Understanding of basic network protocols and their common port assignments.
● GPEN, OSCP, eJPT, eCPPT, or a similar certification preferred.
● Demonstrated understanding of the basics of penetration testing: network, web application, application/code review.
● Demonstrated understanding of the penetration testing methodology laid out by the following standards: PTES, OSSTMM, NIST, OWASP, etc.
● Familiarity with the command line interface of multiple operating systems, including Windows, Linux, etc.
● Fundamental understanding of scripting languages, including Python, PowerShell, Ruby, and Perl.
● Fundamental understanding of coding languages, including C++, C#, PHP, AJAX, HTML, etc.
● Basic experience with offensive tools, including Cobalt Strike, Metasploit, Nikto, SQLMAP, Responder, Nessus, Netcat, etc.
● Ability to work efficiently in a team environment and receive direction from senior staff.
● Ability to ask questions and gain further knowledge of problems which may arise during engagements.
● Basic understanding of network protocols and commonly associated vulnerabilities.
Listing Details
- Salary: $80000 - $130000
- Citizenship: US Citizen
- Incentives: Not Provided
- Education: Not Provided
- Travel: No Travel
- Telework: Full Telecommute