- Having good experience and able to work independently on at least few of security tools (Qualys, Kali Linux, Nessus, Netsparker, OpenVAS, Nexpose, Wireshark, Metasploit, Burp, SQLmap, nmap, fuzzers and other penetration testing tools)
- Strong experience in performing penetration tests and/or vulnerability assessments on products (IoT devices, PCB hardware), web applications, mobile Applications, Thick client applications and networks.
- Strong knowledge & understanding of networking (TCP/IP, OSI model), operating system fundamentals (Windows, UNIX/Linux), security technologies (TLS, PKI, OWASP) and Scripting languages (Python, Shell)
- Excellent knowledge on configuration review of Linux, Windows and Network devices with respect to CIS Benchmark, STIG DoD & NIST
- Network protocol knowledge i.e., TCP/IP, UDP, IPSEC, HTTP, HTTPS, DHCP/NTP etc.
- Experience with static analysis tools and software composition analysis tools
- Knowledge of Common Vulnerabilities and Exposures (CVE), Common Platform Enumeration (CPE), Common Weakness Enumeration (CWE) & CVSS (Common Vulnerability Scoring System)
- strong understanding of technologies and associated protocols such as HTTPS, TLS, DNS, SSL, JTAG, UART...
- Handson experience with fuzzing protocols and identifying crash points. Carrying out network based attacks like DOS, starvation, overwhelming, sensitive information exposure, firmware dumping, DLL hijacking...
- Handson experience with penetration testing tools like bash bunny, rubber ducky, GreatFET, HackRF, USRP
Penetration Testing Engineer ITAR SME - Peoria, United States - Diverse Lynx
Description
Role: Penetration Testing Engineer ITAR SMEExperience: Minimum 5 years in product penetration testing
Location: Peoria, Illinois
Technical Competencies & Experience