Hi,
Role: Red Team PenTester, Web Apps, Network & Offensive
Location: Plano, TX (Hybrid Onsite)
Duration: Contract
Visa: (W2/1099 Only. Must be USC/GC/Perm Resident)
Experience running scans for both application and infrastructure vulnerabilities, consuming the output, driving remediation and deploying tools to mitigate discovered vulnerabilities. (We need candidates who have strong manual testing exp., who are able to discover and investigate vulnerabilities, not just run scans and deploying tools).
Responsibilities
1. Conduct penetration tests across Web applications, APIs, Mobile applications, infrastructure, cloud environments, and devices.
2. Conduct red team engagements across complex environments (including operational technologies).
3. Drive all phases of penetration tests and red team engagements, including Scoping, planning, communications, timelines, and execution of key activities (reconnaissance, vulnerability identification, exploitation, and reporting).
4. Develop in-depth reports (issue, severity, impact, remediation recommendations) for penetration tests and red team engagements.
5. Develop tools and techniques to automate, scale, and accelerate adversary emulation capabilities and vulnerability discovery.
6. Develop exploits and POCs to evade defensive countermeasures and emulate threat actor TTPs.
7. Establish and mature team documentation, processes, procedures, and team KPIs.
8. Mentor penetration testers, red team members, and other functions where needed to drive unified and holistic outcomes.
9. Manage third-party pen test and red team engagements to ensure high-quality products and deliverables.
10. Support offensive security research, innovation, and testing across emerging capabilities (e.g. AI, LLM, ML, NLP, Smart Contracts, etc.).
Years of experience
1. 5+ years of experience in a technical security role (e.g. Penetration Testing, Red Team, Application Security, Infrastructure Security); or master’s degree in computer science/engineering or related cyber field, and 2 years of relevant experience.
Mandatory Technical Skills
1. Advanced knowledge of security tools (Burp Suite, Metasploit, Cobalt Strike, Empire, Nmap, bloodhound, etc.) and multiple operating systems (e.g. Windows, Linux).
2. Proficient in at least one scripting language (Python, bash, PowerShell) or one programming language (Java, C#, C++).
3. Experience in multiple security domains (e.g. Network security, Application Security, Infrastructure Security, Cloud Security, Security operations).
4. Experience in aligning threat and vulnerability management efforts to frameworks and control objectives - MITRE ATT&CK, NIST CSF, ISO27001, CIS, OWASP.
5. Familiarity with defensive and monitoring technologies such as Intrusion prevention/detection systems (IPS/IDS), Web application firewalls (WAF), security information and event management systems (SIEMs), and endpoint detection/response (EDR) tools, as well as user and entity behavior analytics (UEBA).
6. Experience in developing offensive security tooling and automation is a plus.
Regards,
K Hemanth Kumar | Sr IT Technical Recruiter | Kairos Technologies Inc
E: hemanth@kairostech.com
Job Type: Contract
Pay: $60.00 - $70.00 per hour
Experience level:
Schedule:
Experience:
- Penetration testing: 5 years (Preferred)
- web apps: 4 years (Preferred)
- offensive testing: 1 year (Preferred)
- Network protocols: 4 years (Preferred)
Work Location: Hybrid remote in Plano, TX 75024