In this article I am going to detail a non-exhaustive overview of bypassing WAFs by
NaviSec is a veteran and minority owned cyber security company with a focus on high quality, right-sized solutions and client relationships. Our team works 24/7 to protect and assist our partners in navigating the unknown waters of cyber security.
Founded in 2015 as Sequoia Cyber Solutions, NaviSec has grown from a bootstrap startup to an established player in the cyber security space. Seamless integration, scalability, and customization are critical in our approach to protecting each client’s unique business assets. One-size-fits-all solutions are not in our vocabulary.
NaviSec empowers businesses to make bold decisions with clarity and peace of mind. Each of our three core services can be customized to fit the structure, goals, and regulatory compliance needs of the modern enterprise. The NaviSec portfolio includes Delta offensive security services, Sentry defensive security services, and the Atlas Security Operations Center (SOC).
A successful offensive security engineer at NaviSec Delta should possess a deep understanding of both information security and computer science. They should understand basic concepts including computer networking, web and native application functionality, operating system functionality, cloud services, corporate network environments and operations.
This role is technical and challenging with opportunities to work in some of the most exciting areas of security consulting on projects that have a meaningful impact across nearly all industries.
An offensive security engineer will be expected to perform penetration tests with little oversight, across a range of disciplines, such as web application security, wide scope internal networks, external networks and running and tracking phishing campaigns.
At NaviSec Delta, you’ll be faced with complex problem-solving opportunities and hands-on technical opportunities on a daily basis. We help our clients protect their most sensitive and valuable data through comprehensive offensive security assessment, providing a tailored approach to each client, knowing that a one-size fits all approach does not often satisfy the client’s needs.
You will be expected to develop and maintain your own offensive automation via scripts, shell aliases or whatever means you see fit!
You are expected to quickly assimilate new information as you will face new client environments on a weekly or monthly basis. You will be expected to understand all the threat vectors to each environment and accurately assess them. You will get to work with some of the best offensive engineers and operators in the industry, allowing you to develop new skills as you progress. Are you up to the challenge?
What you'll gain working with us
- Unique tools, processes and methodology that is fun and promotes repeatability and high-quality work products that result in nearly 100% client retention rate
- A healthy, non-toxic team environment where your feedback and opinion matter. This is your chance to positively impact the DNA of an infosec company in a critical stage of growth as well as having support from all team members to be successful
- Training and mentoring opportunities to grow your career. We work hard, play hard, enjoy coming to work, and truly believe every assessment we do makes the world a little better place
- Penetration testing and Red Team projects in multiple categories, including external, internal (pre-deployed implant), web application, wireless, and IoT
- Ownership and self organization of tasks, projects and deadlines
- Interface with clients for the duration of each project's life cycle and address any concerns with professionalism and tact
- Manage project calendar and workflow
- Develop comprehensive and accurate reports and presentations for both technical and executive audiences
- Improve upon Navisec's attack methodologies and overall processes
- Work offensive security projects both solo and as a part of a team
- Provide expert security analysis to customers via written reports and online meetings
- 2 years’ experience performing offensive security work, such as penetration testing or Red Team work
- Network penetration testing experience
- Ability to perform security testing in sensitive environments with great care not to harm production
- Familiarity with common offensive security tools such as Burp Suite, Metasploit, nmap, Bloodhound, or other comparable tools
- Experience performing manual penetration testing (without automation)
- Shell scripting or automation of simple tasks using common scripting languages
- Exemplary technical report writing skills and ability to write for both technical and executive audiences
- Strong oratory skills and ability to effectively present technical reports to both technical and executive audiences in online meetings
- Advanced experience with a variety of operating systems and technologies, including Windows, Linux, Unix and Mac operating systems, including at the command line
- Strong knowledge of OWASP Top Ten 2017
- Strong grasp of realistic threat models, attack scenarios, and exploit chains
- Ability to provide high quality remediation guidance to clients
- Strong knowledge of TCP/IP and the OSI model
- Strong leadership abilities
- Ability to bring clarity to ambiguous situations
- Technical experience working in an IT domain (sysadmin or development)
- Experience with cloud computing, including Digital Ocean, AWS, Azure, and GCP, and experience performing attacks specific to such environments
- OSCP - Or ability to demonstrate similar a level of competency
- Experience with Axiom (dynamic infrastructure framework)
- Web application penetration testing experience
- Wireless penetration testing experience
- IoT penetration testing experience
- Social engineering experience
- Developing, extending, or modifying exploits, shellcode or exploit tools
- Experience administering or attacking Active Directory environments
- Contribution to the security community (online publishing, CTF participation, opensource tooling, giving talks at security events)
- Participation in a security community
- Location: Remote
- Travel: Potential for up to 25% travel at some point in the future
- Apply: Send your resume & any relevant details to firstname.lastname@example.org