Senior Offensive Security Engineer
New York, NY

Job Description

Job Description

Vaco is a private-equity backed solutions company that provides consulting, managed services, staffing, and placement services globally. Established in 2002 by "Big 4" consulting veterans, Vaco now has over 40 offices and has worked with over 9,000 clients. We have over 6,000 consultants and been named to Inc. magazine's list of fastest-growing private companies for the past 12 years. Vaco offers boutique services with global reach.

The Vaco Cyber Security team's success relies on the trusted relationships built with our clients. We recognize the challenge organizations encounter improving security, restructuring operations and handling risk while maintaining compliance and keeping costs down. Our information security specialists work closely with organizations to provide the solutions that best match business and security objectives. As a member of the team, you will have the opportunity to utilize and expand your skills through client experience and industry training while collaborating with security professionals across industries. Our team provides the full spectrum of security services to clients including, Strategy & Advisory, Identity & Access Management, Cyber Security Operations, Managed Services, Governance, Risk, and Compliance.

Job Description:

The Cybersecurity Penetration Tester will work on a Red Team which is dedicated to performing 'objective-based' assessments replicating known threat actors, with known (TTP's) tactics, techniques and procedures. The goal will be to assess and analyze security posture as well as its ability to respond to hacker-simulated attacks.

Required

* Demonstrated level of integrity when dealing with confidential and sensitive information
* Demonstrated knowledge of tactics used by malicious insiders, techniques and procedures associated with state sponsored threat actors
* Must be able to examine an organization from the standpoint of a threat actor and articulate risk in clear, precise terms
* Ability to effectively code in a scripting language (Python, Perl, etc)
* Demonstrated knowledge of internal penetration testing tactics, techniques, and procedures
* Experience performing application security source code reviews
* Experience developing custom exploits
* Hands-on experience in the security aspects of multiple platforms, operating systems, software, and network protocols
* Ability to read source code (java, php and javascript primarily)
* Web application penetration testing (should be very familiar with the OWASP top 10)
* Hands-on experience with commercial and open-source network and application security testing tools

Tools:

* Burp Suite
* Cain & Able
* SQLMap
* John the Ripper
* Wireshark
* Nmap
* Metasploit
* BurpSuite
* Kali Linux

Certifications a Plus:

* Offensive Security Certified Professional (OSCP)
* Certified Ethical Hacker (CEH)
* CompTIA PenTest+

The Vaco Cyber Security team's success relies on the trusted relationships built with our clients. We recognize the challenge organizations encounter improving security, restructuring operations and handling risk while maintaining compliance and keeping costs down. Our information security specialists work closely with organizations to provide the solutions that best match business and security objectives. As a member of the team, you will have the opportunity to utilize and expand your skills through client experience and industry training while collaborating with security professionals across industries. Our team provides the full spectrum of security services to clients including, Strategy & Advisory, Identity & Access Management, Cyber Security Operations, Managed Services, Governance, Risk, and Compliance., The Cybersecurity Penetration Tester will work on a Red Team which is dedicated to performing 'objective-based' assessments replicating known threat actors, with known (TTP's) tactics, techniques and procedures. The goal will be to assess and analyze security posture as well as its ability to respond to hacker-simulated attacks.