Security Researcher & Penetration Tester
Apply now Back to search results
Job no: 521453
Work type: Administrative & Professional
Senior management: Vice President-Info Technology
Department: IT Security
Location: Hybrid, Blacksburg, Virginia
Categories: Information Systems / Technology, Data Analytics / Security
The position conducts cyber attacks that mimic known adversarial tactics, techniques and procedures (TTPs) in order to proactively identify and correct information security issues at Virginia Tech before they are exploited. This position reports to the Director of the Red Team in IT Security (ITSO).
• Administer the ITSO's Bug Bounty and Responsible Disclosure program.
• Carry out successful cyber attacks on internally or externally hosted applications, systems and infrastructure with an emphasis on critical functions likely to be targeted by adversaries.
• Write software programs to facilitate complex cyber attacks and emulate adversarial TTPs.
• Communicate the status of cyber attacks and findings to the Director of the Red Team.
• Ensure effective knowledge management and reporting of findings.
• Review results of attack campaigns in order to determine severity and identify potential remediations and mitigations.
• Conduct on-going, in-depth research on the latest adversarial TTPs.
• Provide training in cyber attack techniques, tool/exploit development, intelligence analysis and
adversarial TTPs to other areas at Virginia Tech.
• Mentor red team students.
• Bachelor's degree in Computer Science, Computer Engineering or equivalent work experience.
• Experience with general penetration testing and web penetration testing.
• Experience with network security (network protocols, netflows, packet capture and analysis).
• Experience with operating systems (UNIX, Linux, Mac, Windows).
• Experience with databases (MySQL, Postgresql, Oracle, MSSQL, sqlite).
• Experience with software development (writing programs, writing scripts, using git, exploit writing, code analysis).
• Experience with application analysis (fuzzing, reverse engineering, disassembling).
• Experience with cryptography (password cracking, encryption, algorithm analysis).
• Ability to learn new technical and non-technical analysis techniques as required.
• Ability to self-learn and maintain a strong proficiency in technical tools, countermeasures and techniques.
• Demonstrable skills in identifying and mitigating security vulnerabilities in operating systems, network infrastructure and web applications.
• Ability to work independently with little to no supervision.
• Demonstrated working experience in various information security red team roles.
• Experience with Golang, Python3 and git (specifically gitlab).
• Experience with AWS (specifically, ECS, S3, Lambda, RDS).
• Experience with docker.
The successful candidate will be required to have a criminal conviction check.
Dedicated to its motto, Ut Prosim (That I May Serve), Virginia Tech pushes the boundaries of knowledge by taking a hands-on, transdisciplinary approach to preparing scholars to be leaders and problem-solvers. A comprehensive land-grant institution that enhances the quality of life in Virginia and throughout the world, Virginia Tech is an inclusive community dedicated to knowledge, discovery, and creativity. The university offers more than 280 majors to a diverse enrollment of more than 36,000 undergraduate, graduate, and professional students in eight undergraduate colleges, a school of medicine, a veterinary medicine college, Graduate School, and Honors College. The university has a significant presence across Virginia, including the Innovation Campus in Northern Virginia; the Health Sciences and Technology Campus in Roanoke; sites in Newport News and Richmond; and numerous Extension offices and research centers. A leading global research institution, Virginia Tech conducts more than $500 million in research annually.
Virginia Tech does not discriminate against employees, students, or applicants on the basis of age, color, disability, sex (including pregnancy), gender, gender identity, gender expression, genetic information, national origin, political affiliation, race, religion, sexual orientation, or military status, or otherwise discriminate against employees or applicants who inquire about, discuss, or disclose their compensation or the compensation of other employees or applicants, or on any other basis protected by law.
If you are an individual with a disability and desire an accommodation, please contact Brittany Kessler at firstname.lastname@example.org during regular business hours at least 10 business days prior to the event.
Back to search results Apply now Refer a friend