Job Title

NopalCyber makes cybersecurity manageable, affordable, reliable, and powerful for companies that need to be resilient and compliant. Managed extended detection and response (MXDR), attack surface management (ASM), breach and attack simulation (BAS), and advisory services fortify your cybersecurity across both offense and defense. AI-driven intelligence in our Nopal360° platform, our NopalGo mobile app, and our proprietary Cyber Intelligence Quotient (CIQ) lets anyone quantify, track, and visualize their cybersecurity posture in real-time. Our service packages, which are each tailored to a client’s needs and budget, and external threat analysis, which provides critical intelligence at no-cost, help to democratize cybersecurity by making enterprise-grade defenses and security operations available to organizations of all sizes. NopalCyber lowers the barrier to entry while raising the bar for security and service.Job responsibilities:Conducting and coordinating comprehensive Attack Surface Discovery, Penetration tests and Cloud on system and network levels, employing advanced ethical hacking techniques.Application Penetration Testing (Browser-based, API, Mobile, IoT)Threat ModelingSource Code ReviewPerform penetration testing on web applications and APIs (internal and external) to identify, assess, and report on vulnerabilities in their applications.Perform red team exercises to determine where weaknesses in the client’s infrastructure and how it should be remediated.Organizing and delivering technical security operational briefings for both technical and non-technical audiences.Set scope, objectives, and timelines for penetration testing engagements and leverage data to create useful metrics.dynamic application security testing (DAST) scans on the identified targets without credentials.Perform credentialed DAST scans on known client URLs.Conduct research to identify new attack vectors.Review and provide feedback for all Security Artifacts.Play a critical role in building an AppSec program that has a wide scope and impact.Researching Open source emerging technologies, developing required frameworks and capabilities to perform red team exercises on new technologies adopted by clients.Preparing and delivering clear, accurate, and concise written and oral technical reports for management.Job specifications:Qualification:Bachelor’s degree in Engineering or closely related coursework in technology development disciplinesCertifications like OSCP, CEH, OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN are desirableExperience:Total Experience – 5+ yearsDesired Skills:Knowledge and Experience:Offensive Security Certified Professional (OSCP) and/or Offensive Security Certified Expert (OSCE).A thorough understanding of the Secure Development Life CycleHave comprehensive knowledge of common vulnerabilities (e.g., OWASP Top 10), diverse application attack vectors, security testing processes, and both wired and wireless network security protocols.Have familiarity with common threat tactics and tools (Nmap, Metasploit, Kali Linux, Burp Suite Pro, CobaltStrike, App detective, Web Inspect, etc.).Cloud Service penetration testing tradecraft and methodologies across one or more service providers (e.g. AWS, GCP, etc.).Mobile platform penetration testing tradecraft and methodologies across widely-used platforms (iOS and/or Android).Microservices testingAbility to find and exploit bugs in:C++, Java, JavaScript, Go, and PythonKubernetes, AWS, GCP, or AzureMemory management, namespaces, cgroups, etc.Passion for writing code to solve problems combined with an interest in Offensive Security.Ability to demonstrate a strong background in one of the following languages:Golang, Python, Java, JavaScript, C++, CPersonal AttributesSelf-starter and quick learner requiring minimal ramp-upExcellent analytical, written, oral, and interpersonal communication skillsHighly self-motivated, self-directed, and attentive to detailAbility to effectively prioritize and execute tasks in a high-pressure environmentStrong communications skills to comfortably work cross-functionally across the organization