Defiant is a cybersecurity company that delivers the best threat protection for WordPress sites. We are a 100% remote team, fast moving, nimble, and self managed.
We are looking for contract penetration testers to join our team for a short-term project of approximately 6 weeks in duration at 20-30 hours per week. You will be working with our Director of Information Security and a small team that will be testing our network infrastructure and web applications to find security vulnerabilities that an attacker could exploit. If security is your passion and you love doing CTFs in your spare time, then you're exactly who we are looking for to join our team.
- 5+ years of web application and network penetration testing experience.
- At least 2 of the following OSCP, CEH, OSCE, GPEN, GWAPT, LPT and/or other equivalent certifications that are valid and not expired.
- Experience with tools, such as Metasploit, NMAP, Burpsuite, and other various tools and vulnerability scanners.
- Practical knowledge and experience with Linux operating systems, wordpress, wordpress plugins, API's, AWS architecture, RDS, Redis, Bash, Python, PHP, Laravel, nginx and apache.
- Familiar with offensive TTPs (Tactics, Techniques and Procedures) including post-exploitation and lateral movement.
- Familiar with the fundamentals of web applications including authentication, session management, requests, form submittal, etc.
- Understanding and ability to exploit Cross Site Scripting, SQL injection, RCE and other common vulnerabilities.
- Deep understanding of security fundamentals and common vulnerabilities (e.g. OWASP Top Ten).
- Ability to create comprehensive report of findings and provide remedial recommendations after testing is complete.
- Thorough understanding of network protocols, data on the wire, and covert channels.
- Excellent communication skills.
- Must be a creative and critical thinker.
- Highly motivated, deeply passionate and able to work with little oversight or direction.
- Previous Red or Purple team exercise experience desired.
- Work remotely from wherever you have a secure internet connection
- Work whatever hours are best for you (20-30 per week); could be a side gig