Penetration Tester at Berryville Holdings, LLC

Penetration Tester

Full-time remote work position. Only seeking candidates in South Carolina, Virginia, Maryland, Kentucky, Texas, Florida, Pennsylvania, or Colorado.

Company Description

Berryville Holdings, LLC is a software development and services company dedicated to providing leading-edge technology solutions to customers whose security and operational requirements demand proactive security solutions. Our headquarters is located outside of Washington D.C. in Herndon, Virginia, and we employ a group of highly talented engineers and developers across the country who devise and maintain our unique software solutions.

Our cloud-driven software product line leverages state-of-the art technologies and strives to invent new software techniques. Berryville Holdings, LLC holds multiple U.S. patents for our software and technology solutions. Join us for a unique opportunity to focus your talents and energy on rewarding, meaningful, and invigorating work with an innovative, industry-leading company.

Job Description

The primary responsibilities of this position include:

• Continually evaluating source code for threats and weaknesses.
• Reviewing and providing recommendations for all security elements of our development activities.
• Tracking relevant security events and creating reports for senior management.

Secondary duties may include:

• Tracking and reporting published threats on software libraries or events relevant to our software products.
• Aiding in the company's investment in security measures to protect the software (e.g security tools, applications, policies, or processes).

We are only seeking candidates enthusiastic about software security. Demonstration out-of-office activities related to this field is desired. All candidates must also complete a practical evaluation of related knowledge and skills.

Job Benefits

• Three weeks of paid time off, plus paid time off for 10 federal holidays and your birthday.
  • An additional week of paid time off is provided after the third year of employment
• 100% Employer paid Health, dental, and vision insurance
• 401K matching
• Related classwork and certification reimbursement
• Bi-annual cash bonuses
• Telecommuting (work from home) option
• Guaranteed comp-time accrual for mandated weekend & evening work

Required Experience

• 5+ years of penetration testing experience performing network, web application, system application, and Linux vulnerability testing.
• Demonstratable real-world experience performing white-box testing.
• Substantial knowledge of Linux operating systems.
• Experience with networking protocols (TCP/IP) and VPNs.
• Experience with cloud service exploits/attacks.
• Expertise in the following attack techniques:
  • SQL injection
  • Cross Site Scripting (XSS)
  • Denial of Service (DoS)
  • Cross-site request forger (CSRF or XSRF)
  • Remote code execution and privilege escalation
• Experience writing applications for reverse engineering or vulnerability discovery.

Required Skills

• Proficiency in a scripting language.
• Ability to read and assess applications written in Java, JavaScript/TypeScript, PHP, and C++.
• Ability to understand and operate software security technologies, concepts, and tools.
• Comprehension of cryptography, privilege escalation on Linux systems, server-side request forgery, input validation, source code/file disclosures, remote file writes, and webserver misconfigurations.
• Fluency in both spoken and written English, including the ability to work with technical content.

Job Type: Full-time

Salary: $95,000.00 to $115,000.00 /year

BVH is committed to hiring and retaining a diverse workforce. We are an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, age, national origin, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, veteran status, disability, or any other group protected by federal, state, or local law.