Senior Penetration Tester

Location: Full Time – Remote

Company Overview

HALOCK Security Labs is a full-service information security consulting firm located in Schaumburg, Illinois. Since 1996, we have provided best-in-class technical security expertise and strategic advisement with a core focus on penetration testing, malware defense, incident response, risk, and compliance services. HALOCK is growing steadily and seeking a Senior Penetration Tester that is proficient in the execution of Social Engineering and Assumed Breach tests to join our growing team. All HALOCK penetration testers are subject matter experts in their field and benefit from working with a talented and experienced group in a highly interactive environment. HALOCK provides an opportunity to develop penetration testing expertise and offers early entry into an organization positioned for growth.

HALOCK offers excellent compensation and benefits packages including competitive bonus potential, training and paid certification opportunities, health, dental, 401(k), long-term disability, conference attendance, and more.

Position Overview

Perform social engineering and assumed breach testing that requires advanced red team skills and techniques to evade security solutions that are deployed in a client environment

Exhibit extensive knowledge of industry standard penetration testing methods and adversary tactics, in particular, the MITRE ATT&CK framework

Contribute to HALOCK’s penetration testing framework, including deliverables, custom script development, testing methods and techniques, and ongoing research

Author detailed and articulate penetration test reports, including prescriptive recommendations for remediation options

Qualifications

  • Five years of experience in penetration testing and/or red teaming across a variety of technologies
  • Understanding of AD attack paths (Kerberoasting, ACL abuse, DCSync, etc.)
  • Experience with red team tooling (e.g., Cobalt Strike, Sliver, Mythic, Covenant)
  • Experience using and developing tooling, methodologies and scalable infrastructure to support red team engagements capabilities (e.g. command and control frameworks, phishing environment, exploits)
  • Experience with defense evasion to bypass security tooling (e.g. Endpoint Detection and Response)
  • Strong scripting or development experience (Python, PowerShell, Bash, or equivalent)
  • Strong organizational skills, including ability to deliver with minimal supervision
  • High motivation, integrity, and commitment to self-development
  • Strong verbal communication skills
  • One or more of the following applicable security certifications:
    • OffSec Certified Professional (OSCP)
    • Certified Red Team Operator (CRTO)
    • GIAC Penetration Tester (GPEN)

Desired

  • Formal education in Information Security, Information Technology, Computer Science, Engineering or related discipline preferred
  • Previous experience conducting penetration testing and/or red teaming in a consulting capacity
  • One or more of the following applicable security certifications:
    • OffSec Experienced Penetration Tester (OSEP)
    • OffSec Exploit Developer (OSED)
    • GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)

Travel

N/A: This is a remote position. No travel is required.

Disclosures

  • All candidates invited to interview will be required to sign strict confidentiality and non-disclosure agreements.
  • Full background checks are performed, with consent, on all successful candidates before employment offers can be extended.
  • US citizens and Green Card holders, EAD and TN are encouraged to apply. We are unable to sponsor H1 candidates at this time.
  • No 3rd parties please. Individuals only need apply.

POSITION HAS BEEN FILLED