Understand the threat and vulnerabilities reported in Threat Modeling, Static Code Analysis & vulnerabilities reported through open-source scans
Lead port and protocol scans to identify computing assets communicating on the network
Research and Identify vulnerabilities in listening services
Lead reconnaissance activities and exploitation of vulnerabilities to gain user/privileged level access, prove ability of adversaries to intercept communications and otherwise compromise the security of a system
Report on findings/observations and provide recommendations such as outlining a defense-in-depth approach to business stakeholders and providing strategic solutions to developers/infrastructure engineers on effective security controls and counter measures.
Working knowledge of virtualized infrastructure to enable our team to build environments to support testing and training.