Junior Penetration Tester

Kaseya® is the leading provider of complete IT infrastructure and security management solutions for Managed Service Providers (MSPs) and internal IT organizations worldwide powered by AI. Kaseya’s best-in-breed technologies allow organizations to efficiently manage and secure IT to drive sustained business success. Kaseya has achieved sustained, strong double-digit growth over the past several years and is backed by Insight Venture Partners www.insightpartners.com), a leading global private equity firm investing in high-growth technology and software companies that drive transformative change in the industries they serve.

Founded in 2000, Kaseya currently serves customers in over 20 countries across a wide variety of industries and manages over 15 million endpoints worldwide. To learn more about our company and our award-winning solutions, go to www.Kaseya.com and for more information on Kaseya’s culture, please click here: Kaseya Culture.

Kaseya is not your typical company. We are not afraid to tell you exactly who we are and our expectations. The thousands of people that succeed at Kaseya are prepared to go above and beyond for the betterment of our customers.

Overview 

At Vonahi Security, work is more than a job - it's a passion: To hack. To tinker. To exploit. To collaborate. To automate. To make an impact. To build the future of automated network penetration testing. Not just to do something better, but to attempt things you've never thought were possible. Are you ready to push the boundaries in this new era of infosec and solve one of the industry’s most challenging problems? If so, let's talk. 

We offer a flexible, and highly collaborative work environment: excellent cross-discipline communication skills, attention to detail, and the ability to be proactive and adapt are a must! This role will report to our Director of Security Research & Pentest Automation.  

Why Join? 

• We're pushing the boundaries of technology with automation. 

• Focus on expanding your knowledge and skills. 

• Our company culture is all about teamwork, innovation, and helping each other. 

• Flexible working hours, although US business hours are preferred. 

Primary Responsibilities 

• Review automatically produced reports for internal and external network vulnerability and penetration testing assessments to identify errors, gaps, and potential (post-)exploitation vectors that require additional testing. 

• Use custom and open-source tools to perform and report on exploitation and post-exploitation – attacks that were not covered by our automated network penetration testing platform. 

• Report bugs, gaps, and suggestions for improvement relating to our automation platform and other custom tools to our automation team. 

• Contribute to internal documentation of (post-)exploitation attacks that can be performed by our pentesters. 

• Collaborate with our automation team by suggesting and documenting attacker vectors that aren’t yet covered by our automation platform. 

• Contribute to custom tools for reporting and (post-)exploitation purposes. 

• Write scripts (Ruby, Python, Bash) to automate manual testing routines and/or specific attacks (e.g. testing for and exploiting default credentials in common web apps).  

• Recommend new procedures, policies and tools to streamline our pentest QA process and eliminate repetitive, manual tasks. 

Qualifications 

The ideal candidate would have: 

• A passion for automation and innovation as it relates to offensive security. 

• At least 1 year of network security and penetration testing experience in a professional environment. 

• An understanding of network security fundamentals and common attack vectors. This includes familiarity with standard communication protocols and the potential ways to exploit them (e.g. SMB, Kerberos, LDAP, FTP, Telnet, SSH, SMTP, RDP, NFS.) 

• Network and web-related protocol knowledge (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols). 

• Experience with common network penetration testing tools (e.g. Kali Linux, Metasploit, Burp Suite, Impacket, CME, Responder, Bloodhound, Mimikatz, Kerbrute). 

• Active Directory penetration testing experience. Knowledge of PowerShell is a plus, but not required. 

• Programming experience. Knowledge of Ruby is preferred, but experience with other languages, especially Python, is valuable too. 

• Experience with Unix systems and shell scripting (e.g. sh, bash, zsh). 

Join the Kaseya growth rocket ship and see how we are #ChangingLives !

Additional information
Kaseya provides equal employment opportunity to all employees and applicants without regard to race, religion, age, ancestry, gender, sex, sexual orientation, national origin, citizenship status, physical or mental disability, veteran status, marital status, or any other characteristic protected by applicable law.