Penetration Tester

Dark Wolf is actively seeking an experienced Penetration Tester to join our innovative team. This individual will play a critical role in assessing and enhancing the security of various products, including hardware, software, and embedded systems. This role demands a deep understanding of penetration testing methodologies and advanced exploit development, focusing on identifying and mitigating vulnerabilities across a wide range of technologies. As a Junior Product and Hardware Security Penetration Tester, you will have the chance to work on cutting-edge technologies and contribute to the enhancement of security across a wide range of products. If you possess a strong background in penetration testing and a passion for cybersecurity, we encourage you to apply for this pivotal role. This position is set to be supported in a hybrid work environment out of the DC Metro area. Key responsibilities include, but are not limited to:

• Conducting comprehensive penetration testing on hardware, software, and network components.
• Performing advanced vulnerability scanning and assessments on all components.
• Performing a Cybersecurity evaluation of the product under test to identify vulnerabilities that would negatively impact the Confidentiality, Integrity, or Availability of system data or functionality.
• Analyzing software, firmware, hardware, and/or RF components within the system.
• Opining on the impact and level of effort required to exploit the identified vulnerabilities as well as providing information on a high-level remediation strategy.
• Developing and executing exploits and proof-of-concept (PoC) attacks to demonstrate the impact of identified vulnerabilities.
• Analyzing and reverse engineering firmware and embedded systems to identify security weaknesses.
• Testing and assessing the security of secure boot processes and Trusted Execution Environments (TEE).
• Conducting web application security assessments, focusing on OWASP Top Ten vulnerabilities and API security testing.
• Performing manual verification of vulnerabilities, assessing their risk and exploitability.
• Engaging in wireless and RF security testing, including penetration testing on Wi-Fi, Bluetooth, and Zigbee networks.
• Utilizing Software Defined Radio (SDR) for protocol reverse engineering and testing.
• Reporting detailed findings, documenting case details, and providing actionable recommendations for remediation to enhance product security based on system analysis.
• Planning and executing full-scale, cross-domain vulnerability assessments, network penetration testing, and phishing/social engineering campaigns.

• Minimum of 2+ years’ experience in three or more specific areas to include: intelligence analysis, network engineering, networking security, penetration testing, red team operations, hardware engineering, software engineering, exploit development, reverse engineering, vulnerability assessment, physical security assessments, or social engineering
• Proficiency with cloud technology and deployments across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP)
• Proficiency in the testing and assessment of mobile operating systems, embedded systems, and/or IoT devices
• Experience in drafting reports, documenting case details, and summarizing findings and recommendations based on system analysis
• Experience performing advanced vulnerability scanning and assessments on all components
• Experience conducting web application security assessments, focusing on OWASP Top Ten vulnerabilities and API security testing
• Demonstrated strong written and verbal communication skills
• Strong understanding of NIST 800-53 frameworks
• US Citizenship and an active security clearance at a minimum of the Secret Level

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Engineering, or a related field
• Proven ability to develop and execute complex exploits and PoC attacks
• Strong analytical skills and experience in firmware, binary exploitation, and embedded systems testing
• Advanced knowledge of Software Defined Radio (SDR) and protocol reverse engineering
• Active professional certifications such as CEH, OSCP, PNPT, GPEN, or similar security/pen testing certifications

The position is located in Colorado Springs, CO. The salary range for this position is $130,000.00 - $145,000.00 commensurate on experience and technical skillset. 

We are open to considering a variety of levels of experience for these projects and potential for 1099 hourly opportunity. 

We are proud to be an EEO/AA Employer Minorities/Women/Veterans/Disabled and other protected categories. 

In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification from upon hire.