Penetration Tester (Mid or Senior Level)

About Energy VaultEnergy Vault develops and deploys sustainable energy storage solutions designed to transform the world's approach to utility-scale energy storage in realizing decarbonization while maintaining grid resiliency. The company's proprietary gravity-based energy storage technology, battery storage technology, and energy storage management and integration platform are intended to help utilities, independent power producers and large industrial energy users significantly reduce their levelized cost of energy while maintaining power reliability. Utilizing eco-friendly materials with the ability to integrate waste materials for beneficial re-use, Energy Vault is facilitating the shift to a circular economy while accelerating the clean energy transition for its customers. For additional information, please visit: www.energyvault.com.
Position Title: Penetration Tester / Ethical Hacker (Mid or Senior)Reports To: Lead Cybersecurity EngineerLocation: Tysons Corner, VA, Westlake Village, CA or REMOTE (USA)
About the role As a Senior Penetration tester, you will help to assess the security of the systems, both informational and operational, within the organization. You will use industry-standard ethical hacking tools to conduct initial reconnaissance, scan for vulnerabilities, formulate a plan of attack, and attempt to exploit the systems and infrastructure. You will need creativity and imagination to gain access to and control of the systems, ultimately working to develop recommendations and implement solutions to fortify the organization’s systems. As the company’s internal red team, you will think outside the box in a cat-and-mouse game with the “good guys” to break web applications, business logic systems, servers, and everything else.

What you will do

• Use industry-standard tools (Kali Linux, Metasploit Framework, Nessus/Tenable, etc.) to conduct network penetration testing (edge routers, switches, firewalls, etc.), web and mobile application testing, ad wireless network assessments
• Develop comprehensive threat analysis reports and presentations for both technical and non-technical audiences of varying levels of familiarity
• Formulate remediation strategies for both theoretical and practical discovered vulnerabilities, discussing plans with internal stakeholders
• Safely utilize non-destructive ethical hacking tools, tactics, and procedures
• Develop plans and scripts to facilitate an automated and persistent threat scanning architecture
• Conduct social engineering assessments
• Shape a culture of collaboration, innovation, constant improvement, excellence, transparency, open mindedness, humility, integrity, efficiency, joy, compassion, and fulfillment

What a qualified candidate should possess

• Experience with industry-standard ethical hacking tools for scanning, exploitation, packet capture, and brute-force attempts (Kali Linux, Metasploit Framework, Nmap / Zenmap, Wireshark, John the Ripper, Burp, Nessus/Tenable, OWASP ZAP)
• Scripting ability (Python, Bash, Ruby, etc.) for automation and assessment purposes
• Experience in mixed-mode architectures employing heterogenous (IT/OT) devices and systems, such as DoD/IC equipment systems, industrial control systems, or equivalent
• Experience with functional and integration testing, understanding the interplay between functional requirements and security requirements
• Experience with both zero-knowledge hacking practices (TryHackMe, Hack the Box, etc.) and knowledge-based hacking practices (Nessus/Tenable, etc.)
• Knowledge of network architecture and hardware (switches, hardware, and software firewalls, etc.)
• Knowledge of multiple operating systems and their relative security practices
• Familiarity with common cryptographic methods and protocols
• Familiarity with Agile methods and practices for issue tracking (Jira)
• Familiarity with basic cloud architecture and platforms (AWS, GCP, etc.)
• Bachelor’s or Associate’s degree in computer science, information technology, cybersecurity, or a related field
• Comfort in fast-paced, rapid growth environments
• Experience in public companies is a plus
• A passion for sustainability is critical to our purpose, mission, and vision!

At Energy Vault we are committed to providing an environment of mutual respect where equal employment opportunities are available to all applicants. We believe inclusion creates opportunity for collaborative excellence through diversity of thought. We invite individuals of all genders, races, identities, ethnicities, sexual orientations, national origins, abilities, protected veteran status, religions, educational and socioeconomic backgrounds to explore employment with our organization.