Ethical Hacker

Packetlabs • Remote (Ontario, Canada) • 1w ago

Packetlabs was built by an ethical hacker after seeing vulnerability assessments presented as penetration tests. Our slogan "Ready for more than a VA scan?" drives at the importance of not providing our clients with a false sense of security.

We are a passionate team of highly trained, proactive ethical hackers. We provide expert-level penetration testing services that are thorough and tailored to help foster a safe digital space where everyone has the right to privacy and security. Packetlabs consultants find weaknesses others overlook and continuously learn new ways to evade controls. We hold ourselves to a very high standard.

To do so, we only hire individuals with the same drive and passion.

Who we are looking for

Core values:
- Customer-first mentality. Is a great communicator with clients, project managers, and teammates. Rapid responses and on time.
- You deliver work that you take pride in. Your work is an autograph of your excellence.
- Digs deeper into every finding. Doesn't stop until impact is proven.
- Is comfortable being uncomfortable. Goes towards obstacles, not away from them. Consulting isn't your typical job and requires adapting to rapidly changing environments.
- Is always learning. Cybersecurity is changing every day, and you need to keep up or want to keep up. Be deeply aware of your skillset and be willing to improve.
- Self-motivated and dependable.
- Is humble. Egos don't have a place at Packetlabs.
Education and experience:
- A graduate of Information Security or Computer Science degree program.
- Has between two and five years of experience in a similar role.
- Has professional qualifications (one or more): CISSP, OSCP, OSCE, GWAPT, GPEN, GXPN, OSEP, OSWE, OSED, BSCP. OSCP or Burp is mandatory.

What you’ll be doing

Penetration testing of web applications, mobile applications, APIs, and cloud.
If ready according to Packetlabs standards:
- Penetration testing of infrastructure that includes on-premises, hybrid, and cloud environments
  - Network Attacks: Developing access with no privileges but network access.
  - Active directory:
    - Unauthenticated Exploitation - AD exploitation as a user without access to a domain user account. Gain a foothold in the network through misconfigurations, exploitation and AD-specific attacks.
    - Authenticated Exploitation - Exploitation as a low-privileged domain user. Elevate privileges and laterally move within the network through abusing misconfigurations, exploitation and poor security configuration.
    - Exploitation: Local User - Elevating privileges on a specific machine.
    - Exploitation: Cross-Forest - Leveraging privileged access to compromise multiple segmented AD environments.
  - Advanced - Post-Exploitation Activities: Combining all of the above along with credential access, evasion, and lateral movement to demonstrate impact and risk.
- Red teaming
  - Demonstrate the ability to engineer resilient infrastructure and creative TTPs as part of the red team lifecycle.
  - Ability to thrive in complex infrastructure environments and tackle technologies you might not be familiar with.
  - Utilize common offensive security testing tools and tradecraft, and ability to customize existing toolsets to remove common IOCs.
  - Possesses a deep knowledge of the entire red team lifecycle (Initial Access, Recon, Persistence, Lateral Movement, Privilege Escalation, Data Exfiltration, and Objective Completion).
- Purple teaming
  - Possesses the ability to attack and avoid detection at different levels.
  - Have a "hunt yourself" mentality. If you can skirt defenses, are you capable of demonstrating valid methods to detect/protect against said TTPs.
  - Sitting and coaching defense teams to sprint through rule creation, alerting, and threat-hunting methodologies.
  - Demonstrate capability in the creation of a detection-based attack range.