Senior Cyber Security Penetration Tester (M/W/X)
new direction Cyber Security is seeking the most talented, driven, and intelligent in offensive and defensive security experts to join our penetration testing teams to secure organizations, platforms, and products. From large-scale cloud platforms to the newest mobile applications; global financial processing to regional healthcare providers; cutting edge development environments to traditional corporate enterprises.
In this role, you will assess real-life risks to diverse technical environments by identifying security weaknesses, actively exploit their findings, and determine additional impact through post–exploitation. Given your expertise and drive, you will face various challenges, including black box network testing, insider threat assessments, credentialed application exploitation, and testing the effectiveness of human and physical controls. You will have the opportunity to personally excel while having an expert team drive you to achieve your best and back you up with the diverse challenges you will face. Occasionally, and to keep things interesting, you will switch sides to maintain a full perspective of the security landscape by providing guidance on defensive designs or assisting compliance associates on difficult technical choices.
With ndCS, you will have the power to make a difference and face real challenges: improving environments security, advising teams on the most effective ways to address the core security problems, and solve real security problems. Challenges vary week to week and provide a wealth of experience.
Who You Are?
You should possess the following key character traits
- Creative, out-of-the-box thinking and capability to leverage various domains of knowledge to create uniquely tailored tests and solutions for complex problems
- Curious by nature, intrigued by how things work, and have an appetite to find weaknesses in their design and implementation
- You prefer building, contributing, and leading over falling in line
- You are happy to put in the extra effort building a tool that makes life easier on the team
- ndCS team members value developing long-term client relationships. You want to provide remediation suggestions that address the core issues, are sustainable, and work within the confines of the target environment
- You are passionate about technology
- You have a desire to stay current with the latest technologies, attacks, and hardening strategies. You are a regular online reader of blogs and social media for the latest in security, enjoy good conference talks, and contribute to exciting projects
- You have a driven personality, with a desire to continuously improve, put in the hours, and deliver. You take pride in your work, and you want it to be the best you can do
- Not opposed to traveling and can survive occasions requiring Domestic/International travel
- You are highly organized and detail-oriented with the ability to prioritize multiple projects while still balancing personal goals independently. You recognize when you need help and aren't afraid to ask for it
- Have a strong ethical compass and an understanding of ethics in business and information security. You will respect scope limitations, clean up after your attacks, and never access or retain data that is not pertinent to the testing
- Equally comfortable holding your own with a technical audience (especially the Unix-Beards) as well as communicating to a non-technical audience (including the C-Suite), both in writing and verbally
- Maintain a unique and independent identity, but respect other business' culture, including dress apparel, level of formality, and work schedules. We maintain a startup-style lifestyle internally while presenting a clean, elevated, and refined image to the rest of the world
- Willingness to relocate to Mering, Germany
We care more about knowledge drive over pieces of paper to serve as proof. As such, we’re looking for the following:
- 3+ years of experience in penetration testing, either consulting or internal
- You have performed one or more of the following roles as a penetration tester: external network penetration testing, internal network penetration testing, wireless penetration testing, web application penetration testing, mobile application penetration testing, social engineering, non-destructive physical security testing
- Gained strong technical knowledge and understanding of mixed-technology environments, include diverse operating systems, network hardware, web application languages, administration technologies, authentication mechanisms, and cloud platforms
- Extensively used publicly available penetration testing tools and frameworks, such as (but not limited to) Metasploit, Burp, Nmap, etc
- Developed or modified tools in scripting languages, such as Ruby, Python, Perl, or Java, to assist in testing a problem
- Learned the core fundamentals of computers, all the way down to protocol stacks
- Able to express yourself both orally and written formats in English; German is a plus.
- Be active in industry groups (e.g., OWASP, DEF CON Groups, City-Sec Meetups, or other security meetups) and/or conferences
- College or equivalent educational experience
- Have fun acronyms after your name, such as OSCP, OSWP, GPEN, GWAPT, CPTE, CISSP. We do require getting them as needed (ndCS will pay)
- Experience in modifying or creating tools or payloads to exploit vulnerabilities not adequately covered in other exploitation frameworks
- Have performed independent research, testing, or tool development on security issues out of curiosity
- Competitive Salary
- Standard benefit packages, including Medical/Dental/Vision, paid vacation time, retirement plan, and reimbursable internet/phone plans
- Training and professional development stipends (yes, this includes conferences!)
- Captivating challenges, meaningful work, and ability to grow, both intellectually and within the company
Up for the challenge?
To apply to join the ndCS team, please email join-us@ndcybersecurity.de with the following:
- Email Subject containing the role you are applying for
- Current Resume - Please attach your current resume in PDF outlining your experience, skills, and knowledge
- Who YOU are - Introduce yourself to us and outline what makes you unique, skilled, or otherwise interesting? Bonus points for outlining your personal passions or projects (whether it be technology, coffee, music, cooking, travel, athletics, outdoors, crafting, aviation, sailing, or other)
- What does it mean to you to be "ndCS" - Our team provides a top-tier level of delivery, both in technical abilities and in service? Briefly outline what you will do to make your work "ndCS" in quality