| Penetration Tester - Orlando, FL(REMOTE) - USC,GC,GCEAD ,H4EAD & OPT at Orlando, Florida, USA |
| Email: [email protected] |
| From: Deepshikha Dixit, DRK America LLC [email protected] Reply to: [email protected] Hi, Hope you are doing great!! Please let me know your interest in the below role- Penetration Tester Location: Orlando, FL - REMOTE Length: 6-9Months contract Interview: Video Visa Status: USC,GC,GCEAD , H4EAD & OPT Job Description: Responsibilities: Perform red and purple team assessments, assumed breach assessments, threat analysis, and social engineering assessments. Communicate findings, associated risks, business impacts, and strategies to client stakeholders, including technical staff, executive leadership, and legal counsel. Research threats, vulnerabilities, and exploit techniques that attackers may use to exploit people, processes, and technology. Develop and prototype novel capabilities and techniques to enhance KPMG US Cybers red teaming capabilities and to avoid defensive countermeasures. Debug exploits and extend red team operations infrastructure automation. Identify and evaluate complex business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement. Understand clients' business environment and basic risk management approaches. Guide technical audiences on remediation options and assist them in weighing those options. Take ownership for delivering high-quality technical and executive reports. Partner with the other KPMG Cyber teams to support the practice and mentor junior and offshore team members on tradecraft and red team operations. Required: Minimum three (3) years of recent experience working with application and/or network penetration tools to perform security tests. Experience with breaching external networks and conducting post-exploitation across applications, internal infrastructure, and cloud environments. Understanding of real-world adversary operations TTPs. Experience applying frameworks (e.g., MITRE ATT&CK) in red and purple team engagements. Minimum two (2) years of recent experience conducting red and purple team exercises. Expertise in at least one common C2 framework (e.g., Cobalt Strike, Mythic, Empire). Experience evading antivirus, egress filtering, application allow-listing, and other security controls. Experience with several programming languages (examples include Bash, Python, C/C#/C++, Go, and Rust). Experience with quickly configuring and deploying resilient and flexible infrastructure. Ideally proven ability to automate red team operations infrastructure. Desirable certifications: SCP, OSEP, OSCE3, GRTP, GXPN, CRTO I/II, Sektor7. Ability to travel as necessary (up to 25%). Preferred Qualifications: Security community participation (e.g., conference speaker, tool development contributor). Track record in vulnerability research and CVE assignments. Experience with PE file format and low-level Windows APIs and internals. Experience with reverse engineering and Windows debugging (e.g., via IDA, Ghidra, WinDBG, etc.). Knowledge of EDR detection capabilities such as Carbon Black/CrowdStrike, etc. and associated evasion techniques for behavioral based alerts Thanks & Regards, Deepshikha Dixit | Lead HR DRK America LLC |Naperville, IL 60563 [email protected] Keywords: cprogramm cplusplus csharp golang green card Florida Illinois Penetration Tester - Orlando, FL(REMOTE) - USC,GC,GCEAD ,H4EAD & OPT [email protected] |
| [email protected] View all |
| Fri May 17 05:46:00 UTC 2024 |