Do all their base belong to you?

If you can teach us something new, come join our team of smart folks. Show our clients and partners how you can break into computer systems and share tips on how to secure them.

Locations: Brookfield, WI; San Francisco, CA

About the Position

You'll be:

  • Penetration testing (ethical hacking) applications and network environments
  • Writing test and penetration plans and documenting your results
  • Performing reconnaissance and network surveys to map your targets
  • Researching tools and security exploits
  • Consulting with clients on high-level strategic initiatives as well as highly-technical and detailed regulatory compliance projects
  • Learning the tricks of the trade from experienced mentors
  • Blogging about your new security finds

We'll expect you to:

  • Be proficient with all the usual suspects:
    • Windows and Unix/Linux operating systems
    • Web applications and services
    • Firewall, IPsec and SSL VPNs, IDS/IPS, WLANs
    • Database design, implementation and management
    • Cryptography, ciphers and key management
    • Commercial and open source security tools (e.g., Nessus, Nmap, Netcat, WebInspect, Metasploit, Cain, Wireshark, VMware, run-live distros, ...)
    • Scripting (Ruby, Python, PowerScript, JavaScript) and application development skills are distinguishing factors; if you can write your own tools, even better
  • Be prepared to maintain your proficiency; you'll need to:
    • Keep up-to-date with tools, countermeasures, threats and technologies
    • Share your knowledge and mentor new team members and peers
    • Develop and refine tools, templates and methodologies
  • Be able to interpret vulnerabilities, identify weaknesses, exploit them and escalate your access; we don't just run tools and slap on a cover sheet

Ideally, you'll:

  • Have previous auditing/consulting or penetration testing experience
  • Own more than one black t-shirt
  • Have managed networks and systems for both Windows and Unix platforms (even if it's the half-dozen systems stored under your bed)
  • Know general information security principles
  • Have coding and scripting experience (Ruby and Python are a plus, but are not required)
  • Have tried to exploit security holes and then fix them, but only on your own systems
  • Be able to communicate technical information to C-level, highly-technical and non-technical audiences alike
  • Write good and speak gooder

You'll get a gold star if you:

  • Are professionally certified, or willing to get certified (while certifications don't indicate competence, they do reflect professionalism and a minimum knowledge level), in any of the following:
    • Security and IT certifications (e.g., CISSP, GIAC, CISA, CEH)
    • Technical certifications (e.g., MCSE, CCNA)
    • Related industry certifications (e.g., QSA, PA-QSA)
  • Have payment card industry (PCI DSS, PA-DSS, P2PE, PFI), financial (GLBA, SOX, SSAE 16) or health care (HIPAA/HITECH) experience
  • Are fluent in Spanish or other languages and interested in traveling internationally to help us service our growing base of international customers
  • Are a member of a professional industry group (e.g., InfraGard, OWASP)

If you like to break into your own systems and you're a quick learner, you'll fit in well. We'll make sure your techniques are in line with ours.

If you've broken into someone else's system without authorization, please don't bother to apply.

How to Apply

Curious? Drop us a note to iwanttowork@403labs.com with:

  • A taste of your personality
  • A copy of your résumé
  • A reason to ask you to work with us