Lead Cloud Penetration Tester

Dark Wolf Solutions is actively seeking an experienced Lead Cloud Penetration Tester to join our innovative team. This individual will play a critical role in assessing and enhancing the security of various products, including hardware, software, and embedded systems. This role demands a deep understanding of penetration testing methodologies and advanced exploit development, focusing on identifying and mitigating vulnerabilities across a wide range of technologies. As a Senior Product and Hardware Security Penetration Tester, you will have the chance to work on cutting-edge technologies and contribute to the enhancement of security across a wide range of products. If you possess a strong background in penetration testing and a passion for cybersecurity, we encourage you to apply for this pivotal role. This position is set to be supported in a hybrid work environment out of Colorado Springs, CO. Key responsibilities include, but are not limited to: 

Duties/Responsibilities:

• Conducting comprehensive penetration testing on hardware, software, and network components.
• Performing advanced vulnerability scanning and assessments on all components.
• Performing a Cybersecurity evaluation of the product under test to identify vulnerabilities that would negatively impact the Confidentiality, Integrity, or Availability of system data or functionality.
• Opining on the impact and level of effort required to exploit the identified vulnerabilities as well as provide information on a high-level remediation strategy.
• Testing more complex technologies and guiding junior testers through more advanced testing scenarios.
• Articulating higher-order impacts of identified vulnerabilities.
• Informing the client in writing and verbally of how the identified vulnerabilities can be chained together to create a cyber “kill-chain”.
• Ensuring quality control on all artifacts generated during the penetration testing process.
• Analyzing software, firmware, hardware, and/or RF components within the system.
• Developing and executing exploits and proof-of-concept (PoC) attacks to demonstrate the impact of identified vulnerabilities.
• Analyzing and reverse engineering firmware and embedded systems to identify security weaknesses.
• Testing and assessing the security of secure boot processes and Trusted Execution Environments (TEE).
• Conducting web application security assessments, focusing on OWASP Top Ten vulnerabilities and API security testing.
• Performing manual verification of vulnerabilities, assessing their risk and exploitability.
• Engaging in wireless and RF security testing, including penetration testing on Wi-Fi, Bluetooth, and Zigbee networks.
• Utilizing Software Defined Radio (SDR) for protocol reverse engineering and testing.
• Reporting detailed findings and providing actionable recommendations for remediation to enhance product security.

Required Qualifications:

• 3+ years’ experience in penetration testing and vulnerability assessment.
• Proficiency in firmware analysis, reverse engineering, and binary exploitation.
• Experience in web application security testing and API security assessments.
• Hands-on experience with wireless and RF security testing.
• Advanced knowledge of Software Defined Radio (SDR) and protocol reverse engineering.
• US Citizenship and clearable at a minimum of the Secret Level

Desired Qualifications:

• Bachelor’s degree in Cybersecurity, Information Technology, or a related field.
• Proven ability to develop and execute complex exploits and PoC attacks.
• Strong analytical skills and experience in firmware and embedded systems testing.
• Effective communication skills, with the ability to present findings and recommendations clearly.
• Certifications such as OSCP, PNPT, GPEN or similar are highly desirable.

This position is located in Colorado Springs, CO. The salary range for this position is $150,000.00 - $165,000.00 commensurate on experience and technical skillset. 

We are proud to be an EEO/AA employer Minorities/Women/Veterans/Disabled and other protected categories.