There's a reason we've won so many awards for being one of the best companies to work for! We invite you to apply to join our family, and here's what's in it for you:

• 12 paid holidays
• Competitive compensation
• Benefits, perks, and discounts worth a double-take
• A positive atmosphere and co-workers that truly care
• Enjoyable activities and wellness initiatives

Summary: Conducts collection, processing, and/or geolocation of systems to exploit, locate, and/or track targets of interest. Performs network navigation, tactical forensic analysis, and, when directed, executes on-net operations.

Essential Functions and Responsibilities:

• Analyze internal operational architecture, tools, and procedures for ways to improve performance.
• Analyze target operational architecture for ways to gain access.
• Collaborate with development organizations to create and deploy the tools needed to achieve objectives.
• Conduct access enabling and exploitation of wireless computer and digital networks.
• Conduct network scouting and vulnerability analyses of systems within a network.
• Conduct on-net activities to control and exfiltrate data from deployed technologies.
• Deploy tools to a target and utilize them once deployed (e.g., backdoors, sniffers).
• Detect exploits against targeted networks and hosts and react accordingly.
• Edit or execute simple scripts (e.g., Perl, VBScript) on Windows and UNIX systems.
• Exploit network devices, security devices, and/or terminals or environments using various methods or tools.
• Record information collection and/or environment preparation activities against targets during operations designed to achieve cyber effects.
• Additional tasks as directed and requested by management.
• This job description is not an exhaustive list of all job duties. Other duties may be assigned at any time.

Qualifications:

• Required: High school diploma or equivalent and BA/BS degree required in Computer Science, Information Technology, or related field.
• A minimum of 3 years of systems-related experience and at least 2 years of experience working with information security issues and technologies.
• At least one industry certification: PenTest+, CySA+, CASP+, GIAC Security Essentials, CEH, OSCP.

Knowledge:

• Computer networking concepts and protocols (e.g. TCP/IP), network security methodologies, and wireless applications vulnerabilities.
• Risk management processes (e.g., methods for assessing and mitigating risk).
• Cybersecurity and privacy principles, laws, regulations, policies, and ethics. Cyber threats and application vulnerabilities. Auditing and logging procedures.
• Data backup and recovery. System administration concepts for operating systems such as but not limited to Unix/Linux, IOS, Windows operating systems, and virtual machine technologies. Low-level computer languages (e.g., assembly languages).
• Cryptologic capabilities, limitations, and contributions to cyber operations.
• Encryption algorithms and cyber capabilities/tools (e.g., SSL, PGP).
• Current software and methodologies for active defense, system hardening, and host-based security products.
• Implementing Unix and Windows systems that provide radius authentication and logging, DNS, mail, web service, FTP server, DHCP, firewall, and SNMP.
• Malware, methods, and techniques used to detect various exploitation activities, evasion strategies and techniques.
• Structure, approach, and strategy of exploitation tools (e.g., sniffers, keyloggers) and techniques (e.g., gaining backdoor access, collecting/exfiltrating data, conducting vulnerability analysis of other systems in the network).
• Of the fundamentals of digital forensics to extract actionable intelligence.

Skills and Abilities:

• Analyzing memory dumps to extract information.
• Assessing current tools to identify needed improvements.
• Auditing firewalls, perimeters, routers, and intrusion detection systems.
• Data mining techniques (e.g., searching file systems) and analysis.
• Determining installed patches on various operating systems and identifying patch signatures.
• Extracting information from packet captures and interpreting vulnerability scanner results to identify vulnerabilities.
• Knowledge management, including technical documentation techniques (e.g., Wiki page). Testing and evaluating tools for implementation.
• Processing collected data for follow-on analysis. Providing real-time, actionable geolocation information utilizing target infrastructures.
• Reading, interpreting, writing, modifying, and executing simple scripts (e.g., PERL, VBS) on Windows and Unix systems (e.g., those that perform tasks like parsing large data files, automating manual tasks, and fetching/processing remote data).
• Remote command line and Graphic User Interface (GUI) tool usage.
• Survey, collection, and analysis of wireless LAN metadata.
• Using tools, techniques, and procedures to remotely exploit and establish persistence on a target.
• Verifying the integrity of all files. (e.g., checksums, Exclusive OR, secure hashes, check constraints, etc.).
• Analyze and assess internal and external partner reporting.
• Ability to interpret and translate customer requirements into operational action.
• Ability to monitor system operations and react to events in response to triggers and/or observation of trends or unusual activity.
• Ability to perform network collection tactics, techniques, and procedures to include decryption capabilities/tools.
• Ability to perform wireless collection procedures to include decryption capabilities/tools.

Work Conditions:

• Office environment, moderate walking
• Occasional travel

Deseret First Credit Union is proud to be an Equal Opportunity Employer, providing equal employment opportunities to all employees and applicants without regard to race, color, religion, sex, gender identity, age, national origin, disability veteran status, pregnancy, sexual orientation, or any other characteristic protected by law.