Remote Senior Penetration Tester

Summary

Join the Kaseya growth rocket ship and see how we are #ChangingLives! We're pushing the boundaries of technology with automation. Focus on expanding your knowledge and skills. Our company culture is all about teamwork, innovation, and helping each other.

Requirements

• Must be comfortable performing post-exploitation in Active Directory and enterprise environments with no assistance
• Must possess and demonstrate experience with object-oriented programming (OOP)
• Experience with MVC frameworks, especially Ruby on Rails, is a huge plus
• Must possess knowledge in either Ruby or Python
• Must be able to use Linux without any assistance
• Must be familiar with standard penetration testing tools (e.g. Nmap, Metasploit, etc.)
• Ability to adapt and learn new creative ways to solve inefficiencies through automation
• Understanding of networking protocols and terminology
• Passion for developing new tools and scripts to solve problems
• Excellent teamwork and collaboration skills

Responsibilities

• Contribute to the backend development of our automated pentesting framework to continuously improve efficiency and introduce new automated exploits
• Collaborate with the penetration testing team on new tools and strategies for expanding the framework
• Stay updated with the latest and greatest security vulnerabilities and available exploits to incorporate into the platform
• Document and streamline development best practices and initiatives
• Use custom and open-source tools to perform and report on exploitation and post-exploitation attacks that were not covered by our automation efforts
• Identify bugs and room for improvement relating to the framework and other custom tools for our automation team
• Contribute to internal documentation of (post-)exploitation attacks that can be performed by our pentesters
• Collaborate with our automation team by suggesting and documenting attacker vectors not yet covered by the framework
• Occasionally write scripts in Ruby, Python, and/or Bash to automate manual testing routines and/or specific attacks (e.g., testing for and exploiting default credentials in common web apps)
• Recommend new procedures, policies, and tools to streamline our pentest QA process and eliminate repetitive, manual tasks