Welcome to careers at Malleum

Penetration Tester

Remote · Ottawa, Ontario, Canada · Full-time · May 7, 2024

Job Description
Are you of the opinion that scanners primarily identify surface-level vulnerabilities, leaving the more significant discoveries to human testers? Have you conducted penetration tests on numerous networks and are still eager for more challenges? If this resonates with you, you're in the right place! We are seeking an experienced senior network penetration security tester to become part of our team of expert penetration testers.
 
Please note, if you prefer using a scanner and manually addressing those vulnerabilities, this position may not align with your expectations.
 
Minimum Requirements

  • Eight to ten (8-10) years of experience exclusively performing network security testing or ten (10) years of mixed experience performing application security assessments, network security assessments, and software development
  • Two to four (2-4) years of leadership experience
  • Advanced ability to detect, define, exploit, and remediate vulnerabilities without the use of a vulnerability scanner (a browser, a proxy, an editor, and YOU)
  • Intermediate knowledge of C, C#, Python, Objective-C, Java, JavaScript, SQL, AngularJS, etc.
  • Programming experience in two of the following languages: C#, Java, Python, Ruby
  • Database knowledge in MS SQL, MySQL, Oracle, etc.
  • Interface with clients to determine and understand their needs
  • Develop detailed reports on findings and remediations
  • Familiarity with Windows Internals
  • Vulnerability and exploit development research
  • Evade EDR devices such as Windows Defender and Carbon Black to avoid detection by defenders/behavioral-based alerting to further the engagement objectives
  • Conduct open-source intelligence gathering, network vulnerability scanning, exploitation of vulnerable services, lateral movement, install persistence in a target network(s), and manage C2 infrastructure
  • Develop payloads, scripts, and tools that weaponize new proof-of-concepts for exploitation, evasion, and lateral movement
  • Communicate effectively with team members and during an engagement
  • Ability to think unconventionally to develop adversarial TTPs
  • Keep current with TTPs and the latest offensive security techniques
 
We expect our consultants to treat all colleagues and clients with the highest level of respect. Our clients are our partners, and we consider ourselves an integral part of their team, whether it's for a single project or a multi-year engagement. Every role at Malleum involves direct interaction with clients, so it's essential to possess strong communication skills, including the ability to write reports, articulate ideas, respond to inquiries, and engage with clients respectfully. If you hold the view that clients are unintelligent and their code is subpar, then this may not be the appropriate environment for you.
 
Nice to Have Skills
You should be proficient in using standard professional exploitation frameworks (such as Cobalt Strike, Metasploit, or Sliver) and possess a solid understanding of exploitation techniques beyond the basic "click to exploit" approach. We are looking for more than just the ability to run a scan and attempt an exploit using exploit frameworks.
 
A comprehensive working knowledge of Kali Linux or similar testing distributions and their tools is essential. Prior experience in penetration testing as a consultant is preferred. We place equal importance on writing reports as we do on discovering vulnerabilities, so it's crucial that you can communicate effectively and produce clear, concise reports.
 
One or more of the following certifications would be required: OSCP, OSWP, OSCE, OSEE, OSWE, any of the GIAC certs, etc.
 
Note: Malleum will always value hands-on and demonstrable skills ahead of industry certifications.
 
Culture
If you're seeking a conventional 9-5 job, it's likely that our company may not be the best fit for you. We're dedicated to our work, but we also believe in enjoying life to the fullest. We hope you find joy in your personal life, but we also want you to have a great time working alongside our team and with our clients.
 
Community Involvement
We are firm advocates for community engagement, and our team members frequently present at conferences around the globe. Our consultants allocate time in their schedules for research, teaching, and speaking engagements. We also encourage annual trips to conferences and educational sessions.
 
Salary & Benefits
The salary offered is based on experience and comes with access to medical, dental, vision insurance and RRSP matching. Malleum also offers a flexible vacation policy and values the importance of sick days, personal wellness days, and volunteer days for the well-being of our team.
