This individual will play a critical role in assessing and enhancing the security of various products, including hardware, software, and embedded systems. This role demands a deep understanding of penetration testing methodologies and advanced exploit development, focusing on identifying and mitigating vulnerabilities across a wide range of technologies. As a Junior Product and Hardware Security Penetration Tester, you will have the chance to work on cutting-edge technologies and contribute to the enhancement of security across a wide range of products. If you possess a strong background in penetration testing and a passion for cybersecurity, we encourage you to apply for this pivotal role. This position is set to be supported in a hybrid work environment out of the DC Metro area. Key responsibilities include, but are not limited to:
- Conducting comprehensive penetration testing on hardware, software, and network components.
- Performing advanced vulnerability scanning and assessments on all components.
- Performing a Cybersecurity evaluation of the product under test to identify vulnerabilities that would negatively impact the Confidentiality, Integrity, or Availability of system data or functionality.
- Analyzing software, firmware, hardware, and/or RF components within the system.
- Opining on the impact and level of effort required to exploit the identified vulnerabilities as well as providing information on a high-level remediation strategy.
- Developing and executing exploits and proof-of-concept (PoC) attacks to demonstrate the impact of identified vulnerabilities.
- Analyzing and reverse engineering firmware and embedded systems to identify security weaknesses.
- Testing and assessing the security of secure boot processes and Trusted Execution Environments (TEE).
- Conducting web application security assessments, focusing on OWASP Top Ten vulnerabilities and API security testing.
- Performing manual verification of vulnerabilities, assessing their risk and exploitability.
- Engaging in wireless and RF security testing, including penetration testing on Wi-Fi, Bluetooth, and Zigbee networks.
- Utilizing Software Defined Radio (SDR) for protocol reverse engineering and testing.
- Reporting detailed findings, documenting case details, and providing actionable recommendations for remediation to enhance product security based on system analysis.
- Planning and executing full-scale, cross-domain vulnerability assessments, network penetration testing, and phishing/social engineering campaigns.
Required Qualifications:- Bachelor's degree in Cybersecurity, Information Technology, Computer Engineering, or a related field
- Minimum of 2+ years' experience in three or more specific areas to include: intelligence analysis, network engineering, networking security, penetration testing, red team operations, hardware engineering, software engineering, exploit development, reverse engineering, vulnerability assessment, physical security assessments, or social engineering
- Proficiency with cloud technology and deployments across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP)
- Proficiency in the testing and assessment of mobile operating systems, embedded systems, and/or IoT devices
- Experience in drafting reports, documenting case details, and summarizing findings and recommendations based on system analysis
- Experience performing advanced vulnerability scanning and assessments on all components
- Experience conducting web application security assessments, focusing on OWASP Top Ten vulnerabilities and API security testing
- Demonstrated strong written and verbal communication skills
- Strong understanding of NIST 800-53 frameworks
- US Citizenship and an active security clearance at a minimum of the Secret Level
Desired Qualifications:- Familiarity with NIST 800-171 Revision 2
- Proven ability to develop and execute complex exploits and PoC attacks
- Strong analytical skills and experience in firmware, binary exploitation, and embedded systems testing
- Advanced knowledge of Software Defined Radio (SDR) and protocol reverse engineering
- Active professional certifications such as CEH, OSCP, PNPT, GPEN, or similar security/pen testing certifications
The salary range for this position is $130,000.00 - $145,000.00 commensurate on experience and technical skillset.
We are open to considering a variety of levels of experience for these projects and potential for 1099 hourly opportunity.
