Careers

Black Lantern Security is a services-oriented company. We deliver a stellar product because of the ingenuity, passion, and determination of our employees. There is no mastermind; no “cult of personality.” Our continued success depends on maintaining a team that is second to none. We offer competitive compensation and benefit plans, a healthy work-life balance, and a working environment that brings out the best in our employees and plays to their strengths. Come be a part of something special.

Location: Charleston, SC (home base) traveling required domestically and internationally

Required

  • 5+ years technical Cybersecurity expertise.
  • 5+ years experience in penetration testing, computer network attack (CNA), and/or computer network defense (CND).
  • 5+ experience with basic scripting languages including bash and/or PowerShell.
  • Experience with at least one object-oriented programming language (Python, Ruby, Java, etc.).
  • Must be US citizen (must be willing to submit to federal, state, and local background checks and other requirements).
  • One or more professional certifications including OSCP, GPEN, GWAPT, etc.
  • Possess in-depth knowledge of Windows, Unix, TCP/IP, IDS/IPS, and web content filtering.
  • Demonstrated ability to:
    • Adhere to the highest standards of honesty and scientific and business integrity.
    • Think critically about complex problems and situations.
    • Consider emerging vulnerabilities and threats from within the context of organizational risk and business impact(s).
    • Develop novel attack vectors based on newly discovered vulnerabilities.
    • Develop home-grown software solutions and utilities for computer network attack (CNA) and computer network defense (CND).
    • Apply industry standards and best practices including the Penetration Testing Execution Standard (PTES) and the Mitre Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework.
    • Go beyond automated and “push-button” attack tools and utilities.
  • Possess a basic understanding of regulatory standards and requirements including the Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI-DSS), and the Gramm-Leach-Bliley Act (GLBA).

Responsibilities:

  • Project-Based
    • Develop and deliver test strategies for attacking and assessing complex and distributed systems.
    • Scope and execute penetration tests based on customer goals and objectives.
    • Provide representative tactics, techniques, and procedures (TTPs) for opportunistic, advanced, and sophisticated attackers according to customer goals and objectives.
    • Provide technical leadership and guidance for junior penetration testers during all phases of an assessment.
    • Prepare clear and concise situation reports and activity summaries for BLS customers and senior leadership.
    • Execute verification and validation testing for customer mitigations and fixes.
    • Develop and deliver walkthrough(s), proof(s) of concept (PoCs), articles, and formal presentations.
  • Research and Development (R&D)
    • Attend and/or present at professional conferences and events.
    • Conduct independent research for:
    • The development of novel attack methods.
    • Discovering new and/or undisclosed vulnerabilities.

Contact

spt201901@blacklanternsecurity.com

Location: Charleston, SC (home base) traveling required domestically and internationally

Required

  • Technical Cybersecurity experience.
  • Experience in penetration testing, computer network attack (CNA), and/or computer network defense (CND).
  • Experience with basic scripting languages including bash and/or PowerShell.
  • Experience with at least one object-oriented programming language (Python, Ruby, Java, etc.).
  • Must be US citizen (must be willing to submit to federal, state, and local background checks and other requirements).
  • Knowledge of Windows, Unix, TCP/IP, IDS/IPS, and web content filtering.
  • Demonstrated ability to:
    • Adhere to the highest standards of honesty and scientific and business integrity.
    • Think critically about complex problems and situations.
    • Consider emerging vulnerabilities and threats from within the context of organizational risk and business impact(s).
    • Develop novel attack vectors based on newly discovered vulnerabilities.
    • Develop home-grown software solutions and utilities for computer network attack (CNA) and computer network defense (CND).
    • Apply industry standards and best practices including the Penetration Testing Execution Standard (PTES) and the Mitre Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework.
    • Go beyond automated and “push-button” attack tools and utilities.
  • Possess a basic understanding of regulatory standards and requirements including the Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI-DSS), and the Gramm-Leach-Bliley Act (GLBA).

Responsibilities:

  • Project-Based
    • Help develop and deliver test strategies for attacking and assessing complex and distributed systems.
    • Provide representative tactics, techniques, and procedures (TTPs) for opportunistic, advanced, and sophisticated attackers according to customer goals and objectives.
    • Prepare clear and concise situation reports and activity summaries for BLS customers and senior leadership.
    • Execute verification and validation testing for customer mitigations and fixes.
    • Develop and deliver walkthrough(s), proof(s) of concept (PoCs), articles, and formal presentations.
  • Research and Development (R&D)
    • Attend and/or present at professional conferences and events.
    • Conduct independent research for:
    • The development of novel attack methods.
    • Discovering new and/or undisclosed vulnerabilities.

Contact

spt201901@blacklanternsecurity.com


Location: Charleston, SC (home base) traveling required domestically and internationally

Required

  • Must be US citizen (must be willing to submit to federal, state, and local background checks and other requirements).
  • Experience in performing penetration testing on enterprise networks, web applications, and mobile applications.
  • Familiarity with common web vulnerabilities including: XSS, XXE, SQL Injection, Deserialization Attacks, File Inclusion/Path Traversal Attacks, Server-side Request Forgery, Remote Execution Flaws, Server Configuration Flaws and Authentication Flaws.
  • Experience in testing web-based APIs (i.e. REST, SOAP, XML, JSON).
  • Experience in designing and documenting pragmatic remediation guidance for discovered vulnerabilities.
  • Experience developing actionable intelligence based on open source intelligence (OSINT) gathering.
  • Experience with 1 or more scripting languages such as Bash, Python, Perl, PowerShell, etc.
  • Solid understanding of OWASP testing methodology.
  • Familiarity with front-end web application frameworks (i.e. AngularJS, Bootstrap, etc).
  • Capable of working effectively and efficiently with minimal supervision.
  • Strong written and verbal English language skills.
  • Demonstrated ability to:
    • Adhere to the highest standards of honesty and scientific and business integrity.
    • Think critically about complex problems and situations.
    • Consider emerging web-based vulnerabilities and threats from within the context of organizational risk and business impact(s).
    • Develop novel attack vectors based on newly discovered vulnerabilities.

Preferences

  • Web application development or source code review experience.
  • Strong knowledge of Windows and Linux operating systems.
  • Working knowledge of containerized applications and container-based security controls and configurations.
  • Possess current professional certification (i.e. GWAPT, OSCP, OSCE, GPEN)

Responsibilities

  • Conduct assessments of web applications, mobile applications, databases, client-side applications and tools, and APIs.
  • Execute manual and automated code analysis to assess the quality and security of source code.
  • Perform pre-assessment research and preparation including reconnaissance, documentation and configuration review, and customer interviews.
  • Develop custom tools and exploits.
  • Analyze security findings, including risk analysis and root cause analysis.
  • Generate comprehensive reports, including detailed findings, exploitation procedures, and mitigations.
  • Develop and deliver walkthrough(s), proof(s) of concept (PoCs), articles, and formal presentations.
  • Execute verification and validation testing for customer mitigations and fixes.

Contact

spt201901@blacklanternsecurity.com


Location: Charleston, SC (home base) traveling required domestically and internationally

Responsibilities

  • Project-Based
    • Coordinate and execute incident response for customers in multiple market verticals including Finance, Healthcare, and Retail Operations.
    • Coordinate and execute Threat Hunting engagements
    • Develop detailed “runbooks” for responding to well-known attacks that can be tailored to specific customer environments.
    • Prepare clear and concise situation reports and activity summaries for BLS customers and Senior Leadership.
    • Execute verification and validation testing for customer mitigations and fixes.
    • Develop and deliver walkthrough(s), proof(s) of concept (PoCs), articles, and formal presentations.
  • Research and Development (R&D)
    • Attend and/or present at professional conferences and events
    • Participate in the development of:
    • Novel defensive tactics, techniques, and procedures (TTPs)
    • Applications, utilities, and scripts.
    • Threat hunting capabilities consistent with the Mitre Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework as well as emerging offensive TTPs
    • DFIR techniques, tactics, and capabilities.

Requirements

  • Experience coordinating and performing incident response.
  • Experience with basic scripting languages including python, bash and/or PowerShell.
  • Experience with at least one object-oriented programming language (Python, Ruby, Java, etc.).
  • Experience hardening *nix and Windows systems images and builds.
  • Experience parsing, consuming, and understanding log sources from variety of devices/systems.
  • Experience with one or more SIEMs (ArcSight, LogRythm, AlienVault, etc.)
  • Experience with DFIR toolsets (Sleuth Kit, Encase, FTK)
  • Must be US citizen (must be willing to submit to federal, state, and local background checks and other requirements).
  • Knowledge of Windows, Unix, TCP/IP, IDS/IPS, and web content filtering.
  • Demonstrated ability to:
    • Adhere to the highest standards of honesty and scientific and business integrity.
    • Think critically about complex problems and situations.
    • Understand threat models and effectively communicate risk and impact.
    • Apply industry standards and best practices including the Mitre ATT&CK framework and NIST Incident Response (800-61).
    • Possess a basic understanding of regulatory standards and requirements including the Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI-DSS), and the Gramm-Leach-Bliley Act (GLBA).

Preferences

  • Experience operating within a Security Operations Center (SOC).
  • Experience with Splunk or ElasticSearch.
  • Experience building, modifying, and/or deploying open source defensive tool sets

Contact

spt201901@blacklanternsecurity.com


Location: Charleston, SC (home base) traveling required domestically and internationally

Responsibilities:

  • Develop, deliver, and track Master Service Agreements (MSAs) and Statements of Work (SOWs) from contract execution to customer acceptance.
  • Manage and assign resources, cost, and deadlines for project execution.
  • Manage parallel projects for multiple customers.
  • Track activities, deliverables, and milestones for multiple customers.
  • Develop, document, and deliver customer on-boarding and support processes and procedures.
  • Develop, document, and deliver internal policies, processes, and procedures.
  • Execute additional tasking as assigned by supervisor.

Requirements:

  • Must be US citizen (must be willing to submit to federal, state, and local background checks and other requirements).
  • 5+ years experience managing Cybersecurity related projects.
  • Possess a basic understanding of Cybersecurity services and concepts including red teaming, penetration testing, risk analysis, vulnerability management, and configuration management (CM).
  • One or more professional certifications including PMP, PgMP, CISSP, Security+ etc.
  • Demonstrated ability to:
    • Communicate (written & verbal) effectively across the entire business stack (Executives, Management, Engineers and Administrators).
    • Adhere to the highest standards of honesty and scientific and business integrity.
    • Understand and empathize with a customer’s business mission.
    • Identify and understand critical business workflows.
    • Develop and manage customer requirements.

Preferrences

  • Previous engineering or systems administration experience is considered a plus
  • Possess a basic understanding of regulatory standards and requirements including the Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI-DSS), and the Gramm-Leach-Bliley Act (GLBA).

Contact

spt201901@blacklanternsecurity.com

Apply Online

We are not looking for infosec rockstars. If you are organized, disciplined, and possess a passion for learning and discovery, come join our team.

Apply Online