SixGen, Inc.

Role Description We are seeking a Senior Web Application Penetration Tester to join our growing team. As a Senior Web Application Penetration Tester, you will be challenged to perform: - Endpoint discovery - Open source research - Web application enumeration - Novel vulnerability analysis/exploitation This is much more than Burp scans; operators routinely develop custom tooling (in languages such as PHP, Java, and Python) and achieve a deep understanding of target infrastructure/technology in exploitation paths. The assessments are usually a long haul and great for advanced bug bounty hunters who enjoy getting deep in the weeds. Some cloud/Active Directory experience is a plus for post exploitation activities. This role resides in our Delivery Department and reports to our VP of Cyber Operations. This position is remote with a 10% travel requirement. Qualifications - 5 years of Web Application Penetration Tester experience. - OSCP, OSWA, OSWE, CRTO, CBBH, GWAPT, or other relevant, hands-on certification. OSCP preferred. - Knowledge of FISMA and NIST 800 series standards. - Experience in network mapping, vulnerability scanning, and penetration and web application testing. - Proficiency in using scanning tools like Nessus and NMap, as well as penetration tools like the Kali Linux suite, Burpsuite, and Metasploit. Requirements - Ability to participate in cybersecurity control testing engagements for the customer's network, websites, apps, and cloud technologies. - Must have experience in web application penetration testing. - Experience using approved test protocols and procedures to conduct network and application-level penetration tests. - Experience attending client meetings, recording internal and technical client interviews, and preserving the contents of reports and memoranda. - Must be willing to travel as needed. - Must be able to obtain Secret Clearance. - Experience in script writing and crafting of payloads. Benefits - Competitive salary - Employer-paid health insurance premiums (medical, dental, vision) - Employer-paid short/long term disability insurance and basic life/AD&D insurance - 401K with a 4% employer contribution - Professional development reimbursement options available (training, certification, education, etc) - Flexible and remote work policies for most positions - Paid Time Off (PTO) at a rate of three (3) weeks plus one (1) day per year of service up to four (4) weeks annually - 11 paid holidays per calendar year The anticipated salary range for this role is $100,000 - $135,000 per year, depending on experience and qualifications. We are committed to fostering an inclusive culture that values diversity in our people, reflecting the communities we serve and our customer base.

Role Description As a Red Team Operator at SIXGEN, you’ll provide meaningful support to our federal customers. Your commitment to our customer’s missions, curiosity, and attention to detail will make you a valuable addition to the SIXGEN team. - Expert experience with networking (TCP/IP) - Expert experience in tunneling (e.g., SSH/socat) - Coding experience in C/Python/Bash - PCAP analysis - Deep understanding of common encryption techniques - Strong experience with digital forensics - Experience with filesystems (Linux and Windows) - Knowledge of network protocols (DNS, NFS/SMB, SSH) - Knowledge of Windows Domains (Active Directory, SMB, Group Policy, etc.) - Advanced Linux Skills (Kernel and modules, setuid, DLLs and linking, etc.) Qualifications - Relevant Certifications - Independently work and lead a small team - Analyze networks, documentation, and code - Create informed decisions - Ability to perform in a remote-first environment Requirements - 8+ years of experience - Clearance Requirements: TS Benefits - Employer-funded health, dental, vision, and life insurance - Flexible Leave Policy - Flexible hours and opportunities to work from home - 4% 401(k) contribution, vested immediately - Reimbursements for training events, gym memberships, cell phone and internet bills, and lunches with coworkers - Reimbursement for training and certifications