Red Team PenTester, Web Apps, Network & Offensive

Plano, Texas

Hybrid

Contract

$75/hr - $88/hr

Our Nationally recognized Client offering a top work environment is seeking a Sr level Penetration Tester for an immediate Contract Assignment (possible contract to hire) in the Plano, TX area. You will need to be skilled in performing thorough penetration tests on web APIs and mobile applications. Hybrid schedule, onsite 3 days a week.

Senior Red Team Penetration Tester/Offensive Security Consultant

The selected candidate will work within the Cyber Fusion Center alongside the Offensive Security Team continuously evaluating the Company's cyber security posture through penetration tests and red team engagements to proactively identify gaps and drive mitigations to minimize the Company's cyber risk exposure.

Mandatory Technical Skills

• Advanced knowledge of Burp Suite and other security tools (Metasploit, Cobalt Strike, Empire, Nmap, bloodhound, etc.) and multiple operating systems (e.g. Windows, Linux). Experience conducting manual API and Mobile PenTest using Burp Suite.

• Proficient in at least one scripting language (Python, bash, PowerShell) or one programming language (Java, C#, C++).

• Experience in multiple security domains (e.g. Network security, Application Security, Infrastructure Security, Cloud Security, Security operations).

• Proficient in understanding and investigating application-level vulnerabilities like XSS, SQL Injection, CSRF, authentication bypass, weak cryptography, authentication flaws etc.

• Performing manual testing and identifying vulnerabilities such as Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS), SQL Injection, privilege escalations, authentication weaknesses, access control weaknesses, use of insecure cryptographic protocols, security misconfigurations.

• Experience in aligning threat and vulnerability management efforts to frameworks and control objectives - MITRE ATT&CK, NIST CSF, ISO27001, CIS, OWASP.

• Familiarity with defensive and monitoring technologies such as Intrusion prevention/detection systems (IPS/IDS), Web application firewalls (WAF), security information and event management systems (SIEMs), and endpoint detection/response (EDR) tools, as well as user and entity behavior analytics (UEBA).

• API testing: Postman, soapUI

• Experience in developing offensive security tooling and automation is a plus.

What You Will Be Doing

• Conduct penetration tests across Web applications, APIs, Mobile applications, infrastructure, cloud environments, and devices.

• Conduct red team engagements across complex environments (including operational technologies).

• Drive all phases of penetration tests and red team engagements, including Scoping, planning, communications, timelines, and execution of key activities (reconnaissance, vulnerability identification, exploitation, and reporting).

• Develop in-depth reports (issue, severity, impact, remediation recommendations) for penetration tests and red team engagements.

• Develop tools and techniques to automate, scale, and accelerate adversary emulation capabilities and vulnerability discovery.

• Develop exploits and POCs to evade defensive countermeasures and emulate threat actor TTPs.

• Establish and mature team documentation, processes, procedures, and team KPIs.

• Mentor penetration testers, red team members, and other functions where needed to drive unified and holistic outcomes.

• Manage third-party pen test and red team engagements to ensure high-quality products and deliverables.

• Support offensive security research, innovation, and testing across emerging capabilities (e.g. AI, LLM, ML, NLP, Smart Contracts, etc.).

Desired Skills

• Certified Red Team Professional (CRTP)

• Certified Red Team Expert (CRTE)

• OSCP – Offensive Security Certified Professional

• CVE Achievements

Accountabilities

• Execute on projects, objectives, and deliverables in alignments with team vision, mission, and goals.

• Routinely develop and update offensive security documentation, processes, and technologies to adapt to emerging threat landscape.

• Develop automation to scale global offensive capabilities and operational resiliency.

• Collaborate with partner teams, service owners, and senior leadership to influence, prioritize, and drive the resolution of discovered security findings.

• Create and deliver trainings; and participate in security reviews, audits, on-site engagements, and support incidents after-hours when required.

Years of experience

• 5+ years of experience in a technical security role (e.g. Penetration Testing, Red Team, Application Security, Infrastructure Security); or master’s degree in computer science/engineering or related cyber field, and 2 years of relevant experience.

Differentiating behaviors

• Experience driving large-scale risk reduction initiatives across Fortune 500 organizations.

• Ability to weigh the relative costs/benefits/trade-offs of potential actions and identify the best resolution.

• Active community engagement: Bug Bounty program engagements, participation in CTFs, or contributions to open source, etc.

• Information Security certifications such as OSCP, OSCE, GPEN, GWAPT, or GXPN are a plus.

• Ability to organize tasks, manage time, and prioritize actions to meet business needs.

You will receive the following benefits:

• Medical Insurance - Four medical plans to choose from for you and your family

• Dental & Orthodontia Benefits

• Vision Benefits

• Health Savings Account (HSA)

• Health and Dependent Care Flexible Spending Accounts

• Voluntary Life Insurance, Long-Term & Short-Term Disability Insurance

• Hospital Indemnity Insurance

• 401(k) including match with pre and post-tax options

• Paid Sick Time Leave

• Legal and Identity Protection Plans

• Pre-tax Commuter Benefit

• 529 College Saver Plan

Motion Recruitment Partners is an Equal Opportunity Employer, including Veterans/Disability/Women. All applicants must be currently authorized to work on a full-time basis in the country for which they are applying, and no sponsorship is currently available. Accommodation will be provided in all parts of the hiring process as required under Motion Recruitment Employment Accommodation policy. Applicants need to make their needs known in advance.

Posted by: Savitha Chethan

Specialization: Cybersecurity