Ethical Hacker

Digital Umbrella, the advanced cybersecurity division of Apex, is looking for someone to lead a new ethical offensive operations (penetration testing) team to help test and improve our MSSP clients’ security.  This is an opportunity to get in at the ground floor in a senior leadership position within a new unit at a stable, established, and rapidly growing nationwide company.  As the leader of our offensive operations team you will leverage advanced hacking skills to design customized, highly sophisticated tools for our offensive cyber testing operations.  You will design, utilize and teach advanced adversary emulation methods including cyber and real world deception tactics, exploit development, stealth operations and application manipulation for the purpose of identifying defensive weaknesses and ultimately improving cyber defense.

Responsibilities Include:

• Lead and conduct internal and external penetration tests (White Box, Gray Box & Black Box) on computer systems, networks and applications
• Assess, test, and penetrate common and unique environments such as Windows, Linux and Apple operating systems, networking and storage hardware, mobile systems, web applications, proprietary software, SCADA systems, power grids, and wireless networks
• Develop and execute attack plans, scripts, tools, and methodologies to strengthen our offensive operations,
• Evaluate physical security controls and attempt to gain physical access
• Pinpoint methods and entry points that attackers may use to exploit vulnerabilities or weaknesses
• Imitate tactics and techniques used by modern attackers, including common network and software exploitation
• Research, evaluate, document and discuss findings with IT teams and management
• Establish improvements for existing security services, including hardware, software, policies and procedures
• Communicate findings and implement strategies to key internal and external stakeholders
• Be sensitive to corporate considerations when performing testing (i.e. minimize downtime and loss of employee productivity)
• Stay informed of the latest attack trends, malware, security threats and tactics 
• Build, train and lead a team of offensive engineers to conduct client security testing engagements

Knowledge, Skills, and/or Abilities Required:  

• Impeccable integrity and ethics is a must, all offensive operations must be conducted in an entirely ethical manner and within the scope of a documented and approved engagement
• Proficient in at least one programming language (such as Python, Ruby, C++, php or javascript), with coding and scripting skills for custom exploit development
• Understanding of common network protocols
• Extensive knowledge of offensive security applications and tools, processes, and equipment, including:
• • Nmap (or similar network scanners), Nessus (or similar vulnerability scanners), Kali Linux, Metasploit (or other penetration testing toolsets), OWASP (or other web application testing tools)
• Skill in leading people and getting results with a strong customer orientation
• Understanding of, and ability to, exploit the human element to gain unauthorized access to secure systems
• Clear understanding of how computer security breaches can disrupt business, including the financial and managerial implications
• Exceptional problem-solving skills
• Communications skills to document and share your findings
• Self-motivated with the ability to work in a fast moving environment
• Must be able to pass a comprehensive background check and work in sensitive government environments (active security clearance a plus but not required)

Minimum Required:

• 5 years IT field experience (or a bachelor’s degree in Computer Science, Cyber Security, or a related subject)
• 3 years IT security experience with at least 1 year in offensive operations/penetration testing.
• IT Security certification such as CISSP, Security+, CEH, or OSCP

Benefits:

·       Ability to lead, grow and shape the culture and new offerings (ground floor leadership opportunity in an established and rapidly growing nationwide company)

·       Work from home/work from anywhere flexibility (within US due to client data restriction requirements)

·       Competitive salary plus lucrative profit-sharing bonuses and performance-based incentives

·       Extensive continuing education opportunities, training & support

·       Health, vision, and dental benefits included

·       401k with 5% employer match

·       Generous PTO policy

·       Flexible, employee and family centered scheduling and work environment

·       Fully paid gym memberships and other wellness benefits

·       Fun working environment and culture