Through Core BTS Resource Management Services (RMS), we offer custom talent solutions to help our clients meet their evolving technology and business needs. We help effectively match the right technology professional to their organization, recruiting for contract, contract-to-hire, and direct roles.

Job Description:

Skills

• Penetration Testing Tools (such as, Metasploit, Cobalt Strike, etc.)
• Tenable Vulnerability Product Suite (including, Tenable.sc, Nessus Manager, and/or Nessus Professional)
• Network Scanning Tools (including, NMAP and/or equivalent port/protocol scanning tools)
• Microsoft Windows and GNU/Linux Proficiencies (including, Command Line Interface access)

Experience

• Penetration Testing and/or Red Teaming
• Vulnerability Assessments and/or Vulnerability Management
• Technical and/or Offensive Security Assessment Report drafting and delivery
• Technical Vulnerability Risking, Ranking, and Prioritization

Common Tools

• Kali Linux An open-source Linux distribution dedicated to technical penetration testing and includes a suite of toolsets to support both network and application penetration testing.
• Nmap Port scanning, service identification, and specific vulnerability identification.
• Burp Suite Collection of web application testing modules (e.g. web-proxy, request replay, fuzzing).
• OWASP ZAP Zed Attack Proxy is an open-source web proxy with enhanced features for technical web application testing.
• Nikto Web Vulnerability scanner.
• Wireshark/TCPDtcpdump Capture and analysis of network traffic.
• Netcat Multi-function network manipulation tool used to fill a variety of testing needs.
• Command Line Tools Both Windows and *nix based command line tools and utilities provide built-in functions to serve multiple needs.
• ike-scan IPSec identification and evaluation.
• firewall Firewall scanning, bypass, evasion, and active reconnaissance tool.
• Medusa Password guessing for multiple services and protocols.
• John the Ripper Offline, static, password cracking tool.
• Hydra Online password brute forcing tool.
• Hashcat Offline, password cracking tool.
• Responder Windows sessions hi-jacking.
• Sqlmap Assists in the automation SQL Injection attacks, as well as the identification of injection flaws.
• Skipfish Application layer automated testing to identify potential vulnerabilities dynamically.
• DirBuster Application layer directory enumeration.
• Ettercap Layer 2 packet manipulation and enables man-in-the-middle attacks.
• GoPhish Email-based Phishing platform.
• Evilginx2 Phishing / MFA Bypass platform.
• Metasploit Penetration testing framework (scanning, enumeration, fuzzing, vulnerability analysis, exploitation, post-exploitation, etc.)
• Cobal Strike Red Team/Command & Control platform

Responsibilities:

• Perform Penetration Testing and Social Engineering activities within Offensive Security Assessment projects.
• Develop and manage vulnerability management strategies for clients, across a variety of industries, organizational sizes, and security maturity levels.
• Complete penetration testing and vulnerability assessments across technical environments, including on-premises, hybrid, cloud, endpoints, server, application, and industrial/operational environments.
• Perform vulnerability and risk analysis with high-quality risk validation and severity/impact review.
• Draft detailed vulnerability and risk remediation recommendations, reports, and plans for clients and the security findings of their vulnerability management processes.
• Provide both technical-level and business-level reports, including presentations to articulate cybersecurity risks and recommendations.

Example Tasks

• External Vulnerability Assessment
• Reconnaissance of publicly available information to identify IP address ranges, technologies, vulnerabilities, email addresses, and phone numbers potentially associated with the company
• Use of network-based vulnerability scanners to identify in-scope systems which are online and operational
• Vulnerability scanning of online, in-scope systems and devices
• Review of scan results with manual testing to filter out false positives and determine validity
• Manual testing to identify vulnerabilities which cannot be discovered through automated methodologies

• Social Engineering / Phishing Assessment
• Reconnaissance of publicly available information to identify organization members, and associated contact information including email addresses, and phone numbers
• Discussion to review the obtained, externally available, information and define the approved in-scope target list for Phishing targeting
• Development of the Phishing email content (pre-text)
• Delivery of phishing emails, which may assess recipients:
• Opening the emails
• Clicking links within the email
• Entering sensitive information (including, potentially credentials)
• Downloading files or attachments
• Opening or executing files/attachments
• Sharing sensitive organizational information or data
• Email filtering and endpoint security
• Traffic filtering and network security

• Internal Vulnerability Assessment
• Use of network-based vulnerability scanners to identify in-scope systems which are online and operational
• Vulnerability scanning of online, in-scope systems and devices
• Review of scan results with manual testing to filter out false positives and determine validity
• Manual testing to identify vulnerabilities which cannot be discovered through automated methodologies

• External Network Penetration Testing
• Reconnaissance of publicly available information to identify IP address ranges, technologies, vulnerabilities, email addresses, and phone numbers potentially associated with the company
• Discussion to review discovered public information and define approved list of external logical and digital targets, and IP addresses to be included in the scope of testing
• Automated vulnerability identification for analysis and scenario development
• Manual attempts to identify and exploit security vulnerabilities on in-scope external systems to obtain access to defined targets
• Manual review of external access-control related systems and platforms (such as VPN, Remote Access, Email, etc.)
• Potential system pivoting to internal systems and privilege escalation in pursuit of defined targets
• Internal Network Penetration Testing
• Reconnaissance of publicly available information to identify IP address ranges, technologies, vulnerabilities, email addresses, and phone numbers potentially associated with the company
• Discussion to review discovered public information and define approved list of external logical and digital targets, and IP addresses to be included in the scope of testing
• Automated vulnerability identification for analysis and scenario development
• Attempts to identify and exploit security vulnerabilities on internal systems to obtain access to defined logical targets.
• Potential system pivoting and privilege escalation in pursuit of defined targets
• Analysis of vulnerabilities and identified security issues to determine risk severity and provide recommendations for remediation
• Reporting
• Final development of any reports, documentation, and/or deliverables
• Detailed written narrative of attacks and exploitation methods used to successfully acquire targets
• Review session to discuss findings and recommendations
• Delivery, presentation, and guidance of deliverables