Penetration Tester

Dark Wolf is actively seeking an experienced Penetration Tester to join our innovative team. This individual will play a critical role in assessing and enhancing the security of various products, including hardware, software, and embedded systems. This role demands a deep understanding of penetration testing methodologies and advanced exploit development, focusing on identifying and mitigating vulnerabilities across a wide range of technologies. As a Junior Product and Hardware Security Penetration Tester, you will have the chance to work on cutting-edge technologies and contribute to the enhancement of security across a wide range of products. If you possess a strong background in penetration testing and a passion for cybersecurity, we encourage you to apply for this pivotal role. This position is set to be supported in a hybrid work environment out of the DC Metro area. Key responsibilities include, but are not limited to:

• Conducting comprehensive penetration testing on hardware, software, and network components.
• Performing advanced vulnerability scanning and assessments on all components.
• Performing a Cybersecurity evaluation of the product under test to identify vulnerabilities that would negatively impact the Confidentiality, Integrity, or Availability of system data or functionality.
• Analyzing software, firmware, hardware, and/or RF components within the system.
• Opining on the impact and level of effort required to exploit the identified vulnerabilities as well as providing information on a high-level remediation strategy.
• Developing and executing exploits and proof-of-concept (PoC) attacks to demonstrate the impact of identified vulnerabilities.
• Analyzing and reverse engineering firmware and embedded systems to identify security weaknesses.
• Testing and assessing the security of secure boot processes and Trusted Execution Environments (TEE).
• Conducting web application security assessments, focusing on OWASP Top Ten vulnerabilities and API security testing.
• Performing manual verification of vulnerabilities, assessing their risk and exploitability.
• Engaging in wireless and RF security testing, including penetration testing on Wi-Fi, Bluetooth, and Zigbee networks.
• Utilizing Software Defined Radio (SDR) for protocol reverse engineering and testing.
• Reporting detailed findings, documenting case details, and providing actionable recommendations for remediation to enhance product security based on system analysis.
• Planning and executing full-scale, cross-domain vulnerability assessments, network penetration testing, and phishing/social engineering campaigns.

Required Qualifications:

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Engineering, or a related field
• Minimum of 2+ years’ experience in three or more specific areas to include: intelligence analysis, network engineering, networking security, penetration testing, red team operations, hardware engineering, software engineering, exploit development, reverse engineering, vulnerability assessment, physical security assessments, or social engineering
• Proficiency with cloud technology and deployments across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP)
• Proficiency in the testing and assessment of mobile operating systems, embedded systems, and/or IoT devices
• Experience in drafting reports, documenting case details, and summarizing findings and recommendations based on system analysis
• Experience performing advanced vulnerability scanning and assessments on all components
• Experience conducting web application security assessments, focusing on OWASP Top Ten vulnerabilities and API security testing
• Demonstrated strong written and verbal communication skills
• Strong understanding of NIST 800-53 frameworks
• US Citizenship and an active security clearance at a minimum of the Secret Level

Desired Qualifications:

• Familiarity with NIST 800-171 Revision 2
• Proven ability to develop and execute complex exploits and PoC attacks
• Strong analytical skills and experience in firmware, binary exploitation, and embedded systems testing
• Advanced knowledge of Software Defined Radio (SDR) and protocol reverse engineering
• Active professional certifications such as CEH, OSCP, PNPT, GPEN, or similar security/pen testing certifications

The salary range for this position is $130,000.00 - $145,000.00 commensurate on experience and technical skillset.

We are open to considering a variety of levels of experience for these projects and potential for 1099 hourly opportunity.