Threat Vulnerability Management - TVM

• Technical concepts such as application security, network segregation, access controls, IDS/IPS devices, physical security, and information security risk management;
• Security testing tools, such as BurpSuite, Mimikatz, Cobalt Strike, PowerSploit, Metasploit, Nessus, HP Web Inspect, or other tools included within the Kali Linux distribution;
• Networking protocols, TCP/IP stack, systems architecture, and operating systems;
• Common programming and scripting languages, such as Python, PowerShell, Ruby, Perl, Bash, JavaScript, or VBScript;
• Well-known Cybersecurity frameworks and industry-leading practices such as OWASP, NIST CSF, PCI DSS, and NY-DFS; and,
• Traditional security operations, event monitoring, and Security Information and Event Management (SIEM) tools.

Demonstrates thorough abilities and/or a proven record of success in the following areas:

• Performing penetration testing activities within a client s environment, emphasizing manual stealthy testing techniques;
• Executing stealthy penetration testing, advanced red team, or adversary simulation engagements using commercially / freely available offensive security tools and utilities built into operating systems;
• Understanding Windows and Linux operating system setup, management, and power usage, e.g., cmd, bash, network troubleshooting, virtual machines; .
• Identifying security critical vulnerabilities without utilizing a vulnerability scanning tool, i.e., knowledge of exploitable vulnerabilities and ability to execute stealthy penetration testing engagements;
• Compromising Active Directory environments and demonstrating business impact by identifying and obtaining access to business critical assets/information;
• Performing social engineering / phishing activities such as reconnaissance of targets, developing phishing campaigns (e.g., emails and websites), web hosting administrator, developing malicious phishing payloads, or pivoting through phished systems;
• Participating actively in client discussions and meetings and communicating a broad range of potential add-on services based on identified weaknesses;
• Managing engagements with junior staff;
• Preparing concise and accurate documents, leveraging and utilizing MS Office and Google Docs to complete related project deliverables, as necessary;
• Balancing project economics management with the occurrence of unanticipated issues.
• Creating a positive environment by monitoring workloads of the team while meeting client expectations and respecting the work-life quality of team members;
• Proactively seeking guidance, clarification, and feedback; and,