Penetration Tester

OverviewTo perform penetration testing against systems across NFCU in order to identify weaknesses and provide guidance on remediation and prevention. Conduct application, network, wireless, and mobile assessments as well as lead red team campaigns. Assess a wide variety of critical systems and applications to discover exploitable risks to the credit union and improve the risk posture of the organization. Provide findings and remediation guidance to relevant teams and serve as subject matter expert to help engineering teams understand findings and successfully manage risk. Work is performed under limited supervision.Responsibilities• Independently manage penetration tests from inception through delivery to include:• Scoping assessments and establishing rules of engagement• Designing penetration tests for systems and applications using established assessment frameworks; account for common and unique application and system considerations• Sourcing and leveraging information such as source code, architecture diagrams, etc. to enhance assessment coverage• Coordinating & scheduling testing with engineering teams across the enterprise• Effectively managing relationships and communicating with engineering teams before, during, and after testing• Acting as subject matter expert with engineering teams when communicating results, preventative measures, remediation steps, and other security related information• Acting as a technical lead for multi-resource engagements• Identify and prescribe remediation for vulnerabilities in NFCU applications, systems, and networks• Leverage complex tactics including, but not limited to, lateral movement, network tunneling/pivoting, credential compromise, and hash cracking• Lead red team exercises with a focus on stealth, long campaigns, social engineering, and realistic threats• Enhance testing by identifying novel attack patterns against NFCU systems and applications based on real-world data• Perform attacks consistent with common threats (e.g OWASP top 10) as well as uncommonly observed attacks specific to certain technologies and frameworks• Research and develop exploits for local and remote targets• Craft proofs of concept as well as deployable exploits for both public and novel vulnerabilities• Create and automate custom fuzzing leveraging techniques relevant to NFCU technologies• Develop custom scripts (Nuclei, Python, etc) to check for security requirements specific to individual applications• Communicate complex technical risks concisely to non-technical and executive audiences• Effectively employ OpSec best practices to minimize distribution of vulnerability data• Mentor and support more junior staff across the security organization• Perform other duties as assignedQualifications• Bachelor’s Degree in Information Technology, Electrical Engineering, Computer Science, or the equivalent combination of education, training or experience• Advanced hands on experience in the field of cybersecurity and/or application security, with hands-on penetration testing or red teaming as the primary/exclusive role• Advanced knowledge of MITRE ATT&CK and/or CAPEC Frameworks• Experience testing against Active Directory environments• Experience testing against both Linux based and Windows based systems• Experience developing custom malware and evading EDR solutions• Experience coding in languages and on frameworks such as: Python, JavaScript, Bash, PowerShell, Java, C#, C++, Springboot, React, NodeJS• Advanced networking knowledge spanning: IPv4/6, DNS, TCP/UDP, TLS/SSL, SSH, HTTP, SOCKS• Advanced knowledge of modern cryptographic hashing & encryption methods and best practices• Advanced organizational, planning and time management skills• Advanced communication, presentation and analytical skillsDesired Qualifications• Advanced degree in Information Technology, Electrical Engineering, Computer Science, or the equivalent combination of education, training or experience• At least one of the following certifications: OSCP, OSCE, OSEE, OSWE, OSWP, CREST penetration testing certifications (“Registered” and “Certified” levels such as CRT or CCSAS)• Experience writing enterprise applications or performing techniques such as source code review, pair programming, etc.• Experience leading testing engagements end to end.• Advanced knowledge of Navy Federal’s functions, philosophy, operations and organizational objectivesHours: Monday - Friday, 8:00AM - 4:30PMLocations: 820 Follin Lane, Vienna, VA 22180 | 5550 Heritage Oaks Dr. Pensacola, FL 32526 | 141 Security Dr. Winchester, VA 22602 | 9999 Willow Creek Road San Diego, CA 92131 | RemoteAbout UsNavy Federal provides much more than a job. We provide a meaningful career experience, including a culture that is energized, engaged and committed; and fierce appreciation for our teams, who are rewarded with highly competitive pay and generous benefits and perks.• Best Companies for Latinos to Work for 2024• Computerworld® Best Places to Work in IT• Forbes® 2024 America's Best Large Employers• Forbes® 2023 The Best Employers for New Grads• Fortune Best Workplaces for Millennials™ 2023• Fortune Best Workplaces for Women ™ 2023• Fortune 100 Best Companies to Work For® 2024• Military Times 2023 Best for Vets Employers• Newsweek Most Loved Workplaces• Ripplematch Campus Forward Award - Excellence in Early Career Hiring• Yello and WayUp Top 100 Internship ProgramsFrom Fortune. ©2024 Fortune Media IP Limited. All rights reserved. Used under license. Fortune and Fortune Media IP Limited are not affiliated with, and do not endorse products or services of, Navy Federal Credit Union.Equal Employment Opportunity: Navy Federal values, celebrates, and enacts diversity in the workplace. Navy Federal takes affirmative action to employ and advance in employment qualified individuals with disabilities, disabled veterans, Armed Forces service medal veterans, recently separated veterans, and other protected veterans. EOE/AA/M/F/Veteran/Disability EOE/AA/M/F/Veteran/DisabilityHybrid Workplace: Navy Federal Credit Union is a hybrid workplace, and details will be discussed during your interview process.Disclaimers: Navy Federal reserves the right to fill this role at a higher/lower grade level based on business need. An assessment may be required to compete for this position. Job postings are subject to close early or extend out longer than the anticipated closing date at the hiring team’s discretion based on qualified applicant volume. Navy Federal Credit Union assesses market data to establish salary ranges that enable us to remain competitive. You are paid within the salary range, based on your experience, location and market positionBank Secrecy Act: Remains cognizant of and adheres to Navy Federal policies and procedures, and regulations pertaining to the Bank Secrecy Act.