Penetration Tester

Are you ready to take your cybersecurity career to the next level and work with a team of elite offensive security professionals? We're seeking a seasoned Senior Penetration Tester with extensive experience in red teaming. As a senior member of our offensive security team, you'll play a pivotal role in safeguarding our clients' digital assets by identifying and mitigating potential threats and leading red team engagements that emulate the tactics, techniques, and procedures (TTPs) of the most advanced threat actors.

In this role, you'll be more than just a penetration tester; you'll be a key strategist and leader, orchestrating comprehensive security assessments and red team operations. Your expertise in ethical hacking, advanced penetration testing, and adversarial threat emulation methodologies will be crucial in uncovering vulnerabilities within our clients' infrastructures, including cloud environments and web applications. We foster a culture of innovation and collaboration, where your ability to work with and inspire the team will be essential in tackling complex security challenges, emphasizing teamwork, process improvement, and cutting-edge solutions.

Key Responsibilities

• Advanced Penetration Testing: Dive deep into clients' systems, networks, cloud environments, and applications utilizing powerful tools such as Cobalt Strike, Sliver, C2 Frameworks, Burp Suite, Metasploit, Nmap, and Wireshark.
• Red Team Operations: Lead red team engagements, emulating sophisticated threat actors to test clients' defenses. Develop and execute realistic attack scenarios to identify weaknesses and gaps in security measures.
• Custom Tool Development: Write and modify custom code to bypass complex EDR/XDR/MDR tooling. Develop advanced evasion techniques to remain undetected against top-tier security solutions.
• Strategic Attack Simulation: Analyze the intricate attack surface of clients, crafting bespoke penetration strategies. Employ OSINT techniques to maximize attack vectors, simulating real-world cyber threats. Gain access through advanced targeted phishing campaigns bypassing security measures and MFA with session token theft.
• Precise Vulnerability Discovery: Employ manual efforts and automated tools to uncover hidden risks. Expertly detect web application vulnerabilities like SQL injection and cross-site scripting (XSS), and exploit security misconfigurations.
• Cloud and Web App Penetration Testing: Conduct thorough assessments of cloud-based services and web applications to identify and exploit vulnerabilities unique to these environments.
• Detailed Exploitation Reporting: Craft comprehensive reports outlining identified vulnerabilities, potential exploitation paths, and recommended mitigation strategies.
• Describe advanced Active Directory exploit paths and complex web application attack vectors with precision. Technical Insight Communication: Translate technical findings into actionable insights. Explain complex exploitation scenarios and potential impacts, enabling clients to enhance their security posture. Discuss sophisticated Active Directory, cloud, and web app vulnerabilities in clear terms.
• Remediation Guidance and Implementation: Transfer recommendations from assessments into actionable plans and assist with remediation efforts.
• Cutting-Edge Skill Refinement: Stay current with training, certifications, evolving security threats, emerging vulnerabilities, industry best practices, and Zero Trust architecture.

Skills, Knowledge & Expertise

• 5+ years of hands-on IT infrastructure, cloud support, and administration.
• 5+ years of experience performing Penetration Tests, Ethical Hacking, Red Teaming, and Vulnerability assessments.
• Candidate must possess the OSCP and CRTO to be considered for the position.
• Bachelor’s degree in computer science, Information Security, or a related field.
• Preferred Certifications: OSEP, OSED, OSWE, OSCE3, OSEE, CRTO II, CISSP certified.
• Methodology Advancements: Drive the progression of penetration testing methodologies. Contribute to refining tools, bypasses, evasion techniques, and developing new methods, elevating the art of ethical hacking and red teaming.
• Red Team Expertise: Emulate advanced threat actors and develop tailored attack scenarios. Utilize and enhance custom tools and scripts to bypass sophisticated security measures.
• Knowledge Sharing: Guide junior team members, imparting expertise in AD, SQL, cloud, and web app exploits. Enhance team growth through workshops and hands-on mentoring, elevating overall technical proficiency.
• Ethical Integrity: Uphold ethical standards, ensuring engagements and client interactions are conducted with the utmost integrity. Maintain strict confidentiality, showcasing the company's dedication to ethical excellence.
• Join us on this exhilarating journey at Blue Mantis, where your expertise and influence will be the cornerstone of our clients' digital defense strategy.

Blue Mantis does not accept unsolicited agency resumes and ask that you do not forward resumes to Blue Mantis employees, any physical Blue Mantis location, or any Blue Mantis email address. We take no responsibility for any fees related to unsolicited resumes. This also applies for reaching out directly to Blue Mantis Employees & Blue Mantis Managers or Blue Mantis executives..................

About Blue Mantis

Blue Mantis is a leading strategic digital technology services provider with a 30+ year history of successfully helping clients achieve business modernization by applying next-generation technologies including managed services, cybersecurity and cloud. Headquartered in Portsmouth, New Hampshire, the company provides digital technology services and strategic guidance to ensure clients quickly adapt and grow through automation and innovation. Blue Mantis partners with more than 1,200 leading mid-market and enterprise organizations in a multitude of vertical industries and is backed by leading private equity firm, Abry Partners.