What are the responsibilities and job description for the Senior Director - Offensive Security (Penetration Testing) position at CyberOne Security?
CyberOne is hiring! We hire smart, talented and high-performing professionals to push our organization forward and provide superior service to our customers. We each take accountability for our work, strive to make each other better, and genuinely love what we do. If you value learning new things, being innovative, and working in a supportive, collaborative environment, CyberOne may be the place for you.
If you are ready to raise the bar for your career and be part of our exciting journey, we would like to hear from you!
Position Overview
The Director - Team Ares Practice will be responsible for driving an offensive security program to holistically test customer environments for vulnerabilities and demonstrate the impact and resolution to the business through exploitation. This person will lead a multi-person team of Penetration Testing and Vulnerability Management engineers and consultants. The individual stepping into this role will lead by forming strong partnerships internally and externally to guide organizations and team members by providing vision, strategy, and prioritization for securing customer environments.
The ideal candidate will be based in the Dallas area (though this is not an absolute requirement), where they can collaborate directly with service delivery teams onsite in accordance with our hybrid work schedule.
Essential Functions
- Serve as subject matter expert related to penetration testing, secure development, and secure configuration.
- Evangelize penetration testing and vulnerability services to broaden security awareness through use of the team’s services.
- Assist in the project lifecycle from initiation to delivery of service.
- Drive actionable metrics and reporting for operations and leadership transparency.
- Provide prompt attention and visibility into risks, vulnerabilities, and issues serving as an escalation path for project effectiveness.
- Closely support and collaborate with other CyberOne Professional Service teams.
- Own and drive Team Ares penetration testing program strategy that can be divided into multiple areas.
- Participate in discovery and analysis of client needs.
- Organize and lead offensive security services for clients of CyberOne.
- Demonstrated ability to deliver projects using well-defined methodology across various security disciplines such as, but not limited to:
  - Penetration tests (external, wireless, and web application)
  - Wireless assessments
  - Social Engineering (phishing, vishing, physical)
  - VoIP
- Develop technical solutions to help mitigate security vulnerabilities.
- Provide external training to clients of CyberOne.
- Develop training programs and material to externalize to CyberOne clients or security conferences.
- Assist in development of other offensive security services that can be offered to clients.
- Research and study security vulnerabilities from a multitude of products.
- Research and develop practical tools to protect native systems, including both host and network side defense.
- Collaborate with the security community in improving both offensive and defensive security methods and tools.
- Research and stay knowledgeable on paper/blog write-ups to share information with the community.
- Publish white papers.
- Mentor junior team members on technical/functional aspects of offensive security operations.
- Technical mentoring includes penetration testing methodologies, vulnerability discovery, and scripting languages.
- Understand project lifecycle and ability to transfer knowledge to junior resources.
- Develop tools to aid Team ARES, and the community, in conducting offensive security services.
- Experience performing Security Assessment work (vulnerability, penetration tests, web application, wireless security and social engineering).
- Using creative approaches to identify vulnerabilities that are commonly missed in security assessments.
- Exploiting vulnerabilities and identifying specific, meaningful risks to clients based on industry and business focus.
- Performing complex wireless attacks both against wireless clients and access points.
- Using social engineering techniques to obtain sensitive information, network access and physical access to client sites.
- Ability to identify, describe and report vulnerabilities and standard remediation activities, including clear demonstration of risk to clients through post-exploitation activities, required.
- Experience with commercial and open-source security tools required (e.g., Nessus, Nexpose, SAINT, Qualys, Burp, Nmap, Kali, Metasploit, Meterpreter, Wireshark, Kismet, Aircrack-ng, etc.)
- Familiarity with various network architectures, network services, system types, network devices, development platforms and software suites required (e.g., Linux, Windows, Cisco, Oracle, Active Directory, JBoss, .NET, etc.)
- Build strong partnerships with partners and vendors to promote services.
- Track and manage budget.
- Document projects within accounting systems (Salesforce, NetSuite).
- Create working relationships with project managers and account managers across the organization.
- Track deliverables, with the ability to host conference calls with customers and facilitate next steps in the project lifecycle.
- Mentor and coach teams as well as project managers.
Required Education / Experience
- 7 Years performing penetration testing.
- 3 Years mentoring technical mentees or providing training around offensive security services.
- Offensive Security Certified Professional (OSCP).
- Experience communicating and presenting to business executives.
- Fluent knowledge of a scripting language (e.g. Python).
- Strong technical knowledge of web applications and networking.
- Excellent ability to define problems, formulate solutions, effectively collaborate and communicate, plan and execute.
- Demonstrated ability to participate in cross functional teams, including offsite, remote and offshore resources.
- Demonstrated ability to create comprehensive assessment reports.
- Ability to convey complex technical security concepts to technical and non-technical audiences including executives.
- Passion for creating tools and automation to make common tasks more efficient.
- Bachelor's or Master's degree in computer science or related engineering field.
- OSCE and OSCP Certifications.
- Provided training or presentations at DefCon or BlackHat security conferences.
- Vulnerability Research experience as well as experience reporting and publishing information around discovered vulnerabilities.
- Reverse engineering/Binary analysis experience (firmware, x86 applications, etc.)
- Recognition in the security community for speaking.
- Demonstrate excellent customer service skills to cultivate relationships and engage with both local and remote clients with confidence and persuasion.
- Display above-average organizational and time management capabilities.
- Exhibit effective communication skills, both written and verbal, encompassing interactions with senior leadership, peers, and team members.
- Showcase adeptness in multitasking and time management.
- Utilize standard office equipment like laptop computers and smartphones as part of routine responsibilities.
- Possess the capability to manage multiple projects and accommodate scheduling demands.
- There is a possibility of up to 25% travel as part of the role's requirements.
- The work is conducted indoors within a climate-controlled setting.
- Flexibility in working evenings and weekends may be necessary to meet the demands of the company and its clients.
- The ability to remain stationary for approximately 50% of the time is essential.
- The role entails movement within a professional office environment.
- Employees will experience a culture that encourages contribution within an organization that embraces a fail-fast mentality.
- The work environment is characterized by openness, supportiveness, a fast-paced nature, and a strong emphasis on collaboration.
Recruitment Agencies Please Note
"In accordance with our recruitment policy, CyberOne strictly prohibits any form of solicitation of our employees by external agencies or third parties. Any candidate information that may be received from such agencies or third parties shall be deemed as a voluntary gift and shall become the exclusive property of CyberOne. Exceptions to this policy apply only when an Agency/Third Party is an Authorized Vendor of CyberOne, holding a valid and current contract that has been duly signed by the HR Manager or CFO of CyberOne. Under no circumstances will any payment be made to any Agency/Third Party unless they are an Authorized Vendor or possess written approval from the CyberOne HR Manager or CFO, granting them explicit permission to engage in recruitment efforts on behalf of CyberOne."