Penetration Tester / Red Teamer
As a Penetration Tester you will work in the Hacknowledge’s Offensive Security team and will perform various Penetration Testing or Red Team engagements for all kinds of customers internationally.
Engagements are delivered either remotely or onsite at the customer’s premises.
Depending on the mission, knowledge in the following fields is required: workstations (including VDI), servers, the client’s applications (including XenApp, etc.), network devices, wireless access points, telco/VoIP, mobile devices, electronic physical access controls, humans (social engineering) and more.
The penetration testing team tests all facets of the client’s enterprise and has to devise realistic compromise scenarios to identify the risk and its associated impact.
The Offensive Security team creates custom exploits to find and demonstrate weaknesses in the client’s in-house applications, and creates customized payloads designed to evade antivirus and other security solutions (AMSI, proxies, etc.) in order to identify coverage gaps and improve security controls.
The team will also conduct spear phishing exercises to test the SOC’s incident response effectiveness and user security awareness, or simply to use them as an entry point during a Red Team engagement.
For this position, we are looking for a passionate candidate with a strong technical background in pentesting and attack simulation.
- Significant penetration testing experience (running nmap and Nessus scans doesn’t count; must have experience actually exploiting target assets/popping shells)
- Proficiency with common open-source penetration testing tools such as the Kali Linux tool suite, e.g. Metasploit Framework, BeEF, PowerShell Empire, etc.
- In-depth knowledge and proficiency with common exploitation and post-exploitation techniques such as SQL injection, XXE, pass-the-hash, AV bypass, payload delivery, etc.
- Ability to craft custom exploits to provide proof of concept vulnerability validation.
- Proficient scripting skills (Python, PowerShell, Bash, etc.)
- In-depth knowledge of common enterprise networking protocols: TCP/IP, SMB, DNS, RDP, SSH, FTP/SFTP/SCP, RPC/WinRM, NetBIOS, HTTP/S, SMTP, etc.
- It is essential for the candidate to be a team-player.
- Candidate must have the ability to fully learn and understand security measures and devise creative mechanisms to defeat them.
- Excellent writing skills
- Ability to explain complex issues in simple terms
- CVE publications, papers or CTF participation are a plus.
- OSCP/OSCE/OSEE/OSWE certifications (OSCP highly desirable)
- Binary exploitation skills
- Advanced post-exploitation skills: payload creation, droppers, lateral movement, etc.
- Ability to craft buffer overflow attacks against custom executables
- Fuzzing experience
- Reverse engineering and debugging skills for both PE and ELF binaries, on x86, x86_64 and ARM architectures
- Experience bypassing ASLR, DEP and SEH
- Familiarity with non-Windows operating systems, e.g. Cisco IOS, Mac OS X, Android, Apple iOS
Proficient in at least 2 of the following languages:
- English (mandatory)
- Luxembourgish or German is a plus
Reasons to apply:
- you like the challenges provided by working in a dynamic security company
- you have a passion for what you do and want to learn more
- you are keen on automating tasks so you can spend more time on challenging tasks
Reasons NOT to apply:
- you rely on commercial security solutions and don’t want to put your hands in the engine
- you need supervised work and well-established procedures before taking decisions
- you don’t want to talk to customers
Place of work:
Main place of work is Luxembourg (close to the central train station); however, on-site missions will also happen, mainly in Luxembourg but also internationally.