Ethical Hacker (Infrastructure + Red Team)

Packetlabs was built by an ethical hacker after seeing vulnerability assessments presented as penetration tests. Our slogan "Ready for more than a VA scan?" drives at the importance of not providing our clients with a false sense of security.

We are a passionate team of highly trained, proactive, ethical hackers. We provide expert-level penetration testing services that are thorough and tailored to help foster a safe digital space where everyone has the right to privacy and security. Packetlabs consultants find weaknesses others overlook and continuously learn new ways to evade controls. We hold ourselves to a very high standard. 

To do so, we only hire individuals with the same drive and passion.

Who we are looking for:

• Core values:
• • Customer-first mentality. Is a great communicator with clients, project managers, and teammates. Rapid responses and on time.
  • You deliver work that you take pride in. Your work is an autograph of your excellence.
  • Digs deeper into every finding. Doesn't stop until impact is proven.
  • Is comfortable being uncomfortable. Goes towards obstacles, not away from them. Consulting isn't your typical job and requires adapting to rapidly changing environments.
  • Is always learning. Cybersecurity is changing every day, and you need to keep up or want to keep up. Be deeply aware of your skillset and be willing to improve.
  • Self-motivated and dependable.
  • Is humble. Egos don't have a place at Packetlabs.
• Education and experience:
• • Proven infrastructure testing experience across cloud and Active Directory
  • While OSCP is preferred, we are open to exploring candidates who match the experience or passion required for this position 

What you’ll be doing as an Infrastructure Tester

• Penetration testing of infrastructure that includes on-premises, hybrid, and cloud environments. You might need to be knowledgeable in the following:
• • Exploring an organization’s external attack surface and finding creative ways to breach past the external firewalls.
  • Developing access with an internal rogue device with no privileges but network access (sometimes this involves physical penetration testing).
  • Active Directory and Hybrid Entra ID:
  • • Exploitation as a low-privileged domain user. Elevate privileges and laterally move within the network through abusing misconfigurations, exploitation, and poor security configuration.
    • Elevating privileges on a specific machine.
    • Leveraging privileged access to compromise multiple segmented AD environments.
  • AWS, GCP, Containers Testing:
  • • Exploitation as a low level IAM role or project-level permissions and identify and exploit misconfigurations that enable privilege escalations.
    • Assess and evaluate cloud storage and cloud functions exposures. Knowing your way around the CI/CD is a big bonus.
    • Perform basic container escapes and internal cluster testing within Kubernetes and similar technology stacks.
  • Combining all of the above, along with credential access, evasion, and lateral movement, to demonstrate impact and risk.

What you’ll be doing as a Red Team Operator

• Packetlabs Red Team operators align with DORA, CREST STAR-FS, and TIBER-EU specifications, which require a minimum of at least 2 years of experience in a full-time offensive security testing position. Without the 2 years of experience and proven capability, you will not be considered for this role. 
• As part of the role, you’ll be asked to demonstrate the ability to engineer resilient infrastructure and creative TTPs as part of the red team lifecycle. This may include:
• • Assisting and/or leading full-spectrum red team engagements beginning from external, initial access, and social engineering parts of the kill chain.
  • Assisting with the implant engineering and design to ensure the first click doesn’t result in a detection or an alert against EDRs.
  • Demonstrate the ability to operate with a command and control server and utilize both common offensive security testing tools and tradecraft, and the ability to customize existing toolsets to remove common IOCs.
  • Good offensive drives and a strong defense - you will be working to secure some of the most widely used applications and environments in the world. We achieve this by helping organizations improve their ability to architect and engineer their existing (or new) defenses.
  • Craft custom runbooks for purple team engagements aligned to the Unified Kill Chain (or similar/adjacent models). 

Why us?

• Immediate and continual offensive security training
• Wealthsimple GRSP with corporate matching
• Participation in corporate benefit plans
• Amazing team and working environment
• Competitive compensation and growth opportunity