Overview:

Quantum Research International, Inc. (Quantum) provides our national defense and federal civilian and industry customers with services and products in the following main areas: 1) Cybersecurity and Information Operations; 2) Space Operations and Control; 3) Aviation Systems; 4) Ground, Air and Missile Defense, and Fires Support Systems; 5) Intelligence Programs Support; 6) Experimentation and Test; 7) Program Management; and (8) Audio/Visual Technology Applications. Quantum's Corporate Office is located in Huntsville, AL, but Quantum actively hires for positions nationwide and internationally. We pride ourselves on providing high quality support to the U.S. Government and our Nation's Warfighters. In addition to our corporate office, we have physical locations in Aberdeen, MD; Colorado Springs, CO; Crestview, FL; Orlando, FL and Tupelo, MS

Mission:

A Vulnerability Assessment & Penetration Tester at Quantum Research International (QRI) must possess a deep understanding of both information security and computer science. They should understand basic concepts such as networking, applications, and operating system functionality and be able to learn advanced concepts such as application manipulation, exploit development, and stealthy operations. This is not a "press the 'pwn' button" type of job; this career is technical and challenging with opportunities to work in some of the most exciting areas of security consulting on extremely technical and challenging work. A typical job could be breaking into a segmented secure zone at a Defense Industrial Base (DIB) company, reverse engineering an application and encryption method in order to gain access to sensitive data, all without being detected. If you can exploit at scale while remaining stealthy, identify and exploit mis-configurations in network infrastructure, parse various types of output data, present relevant data in a digestible manner, think well outside the box, or are astute enough to quickly learn these skills, then you're the type of cyber security team member we're looking for.

At Quantum Research, you'll be faced with complex problem solving opportunities and hands-on testing opportunities on a regular basis. We help our clients protect their most sensitive and valuable data through comprehensive and real world scenario testing. The objective doesn't end at gaining "domain admin" or "root"; this is expected and is only a starting point.

You are expected to quickly assimilate new information as you will face new client environments on a weekly or monthly basis. You will be expected to understand all the threat vectors to each environment and properly assess them. Your work with us will assist you to develop new skills as you progress through your career.

Responsibilities:

• Scope prospective engagements, leading engagements from kickoff through remediation, and mentoring less experienced staff
• Serve as a technical lead for complex engagements
• Develop and mentor junior staff
• Perform network penetration, web and mobile application testing, source code reviews, threat analysis, wireless network assessments, and social-engineering assessments
• Develop comprehensive and accurate reports and presentations for both technical and executive audiences
• Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
• Recognize and safely utilize attacker tools, tactics, and procedures
• Develop scripts, tools, or methodologies to enhance QRI's cyber security processes
• Assist with scoping prospective engagements, leading engagements from kickoff through remediation, and mentoring less experienced staff

Minimum Qualifications:

• 7 plus years' experience in at least three of the following:
  • Network penetration testing and manipulation of network infrastructure
  • Mobile and/or web application assessments
  • Email, phone, or physical social-engineering assessments
  • Shell scripting or automation of simple tasks using Perl, Python, or Ruby
  • Developing, extending, or modifying exploits, shellcode or exploit tools
  • Developing applications in C#, ASP, .NET, ObjectiveC, Go, or Java (J2EE)
  • Reverse engineering malware, data obfuscators, or ciphers
  • Source code review for control flow and security flaws
• Strong knowledge of tools used for wireless, web application, and network security testing
• Thorough understanding of network protocols, data on the wire, and covert channels
• Thorough understanding of Active Directory
• Mastery of Unix/Linux/Mac/Windows operating systems, including bash and Powershell

Preferred Qualifications:

• Ability to travel up to 10%
• CompTIA PenTest+, GIAC Penetration Tester (GPEN), EC-Council Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP)
• Ability to successfully interface with clients (internal and external)
• Ability to document and explain technical details in a concise, understandable manner
• Ability to manage and balance own time among multiple tasks, and lead junior staff when required

Equal Opportunity Employer/Affirmative Action Employer M/F/D/V:

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity, or any other characteristic protected by law. *Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.