Careers
Black Lantern Security is a Services Oriented Company
- Black Lantern Security is built around the ingenuity, passion, and determination of our Operators and Analysts
- No one "mastermind"
- No "cult of personality"
- Competitive compensation and benefits
- Healthy work-life balance
- Project-based engagements that play to the team's strengths
Senior Penetration Tester
Location: Remote
Required:
- 5+ years technical Cybersecurity expertise.
- 5+ years experience in penetration testing, computer network attack (CNA), and/or computer network defense (CND).
- 5+ years experience with basic scripting languages including bash and/or PowerShell.
- Experience with at least one object-oriented programming language (Python, Ruby, Java, etc.).
- Must be US citizen (must be willing to submit to federal, state, and local background checks and other requirements).
- One or more professional certifications including OSCP, GPEN, GWAPT, etc.
- Possess in-depth knowledge of Windows, Unix, TCP/IP, IDS/IPS, and web content filtering.
Demonstrated ability to:
- Adhere to the highest standards of honesty and scientific and business integrity.
- Think critically about complex problems and situations.
- Consider emerging vulnerabilities and threats from within the context of organizational risk and business impact(s).
- Develop novel attack vectors based on newly discovered vulnerabilities.
- Develop home-grown software solutions and utilities for computer network attack (CNA) and computer network defense (CND).
- Apply industry standards and best practices including the Penetration Testing Execution Standard (PTES) and the Mitre Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework.
- Go beyond automated and “push-button” attack tools and utilities.
- Possess a basic understanding of regulatory standards and requirements including the Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI-DSS), and the Gramm-Leach-Bliley Act (GLBA).
Responsibilities:
Project-Based
- Develop and deliver test strategies for attacking and assessing complex and distributed systems.
- Scope and execute penetration tests based on customer goals and objectives.
- Provide representative tactics, techniques, and procedures (TTPs) for opportunistic, advanced, and sophisticated attackers according to customer goals and objectives.
- Provide technical leadership and guidance for junior penetration testers during all phases of an assessment.
- Prepare clear and concise situation reports and activity summaries for BLS customers and senior leadership.
- Execute verification and validation testing for customer mitigations and fixes.
- Develop and deliver walkthrough(s), proof(s) of concept (PoCs), articles, and formal presentations.
Research and Development (R&D)
- Attend and/or present at professional conferences and events.
- Conduct independent research for:
  - The development of novel attack methods.
  - Discovering new and/or undisclosed vulnerabilities.
Junior Penetration Tester
Location: Remote
Required:
- Technical Cybersecurity experience.
- Experience in penetration testing, computer network attack (CNA), and/or computer network defense (CND).
- Experience with basic scripting languages including bash and/or PowerShell.
- Experience with at least one object-oriented programming language (Python, Ruby, Java, etc.).
- Must be US citizen (must be willing to submit to federal, state, and local background checks and other requirements).
- Knowledge of Windows, Unix, TCP/IP, IDS/IPS, and web content filtering.
Demonstrated ability to:
- Adhere to the highest standards of honesty and scientific and business integrity.
- Think critically about complex problems and situations.
- Consider emerging vulnerabilities and threats from within the context of organizational risk and business impact(s).
- Develop novel attack vectors based on newly discovered vulnerabilities.
- Develop home-grown software solutions and utilities for computer network attack (CNA) and computer network defense (CND).
- Apply industry standards and best practices including the Penetration Testing Execution Standard (PTES) and the Mitre Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework.
- Go beyond automated and “push-button” attack tools and utilities.
- Possess a basic understanding of regulatory standards and requirements including the Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI-DSS), and the Gramm-Leach-Bliley Act (GLBA).
Responsibilities:
Project-Based
- Help develop and deliver test strategies for attacking and assessing complex and distributed systems.
- Provide representative tactics, techniques, and procedures (TTPs) for opportunistic, advanced, and sophisticated attackers according to customer goals and objectives.
- Prepare clear and concise situation reports and activity summaries for BLS customers and senior leadership.
- Execute verification and validation testing for customer mitigations and fixes.
- Develop and deliver walkthrough(s), proof(s) of concept (PoCs), articles, and formal presentations.
Research and Development (R&D)
- Attend and/or present at professional conferences and events.
- Conduct independent research for:
  - The development of novel attack methods.
  - Discovering new and/or undisclosed vulnerabilities.
Web Application Penetration Tester
Location: Remote
Required:
- Must be US citizen (must be willing to submit to federal, state, and local background checks and other requirements).
- Experience in performing penetration testing on enterprise networks, web applications, and mobile applications.
- Familiarity with common web vulnerabilities including: XSS, XXE, SQL Injection, Deserialization Attacks, File Inclusion/Path Traversal Attacks, Server-side Request Forgery, Remote Execution Flaws, Server Configuration Flaws and Authentication Flaws.
- Experience in testing web-based APIs (i.e. REST, SOAP, XML, JSON).
- Experience in designing and documenting pragmatic remediation guidance for discovered vulnerabilities.
- Experience developing actionable intelligence based on open source intelligence (OSINT) gathering.
- Experience with 1 or more scripting languages such as Bash, Python, Perl, PowerShell, etc.
- Solid understanding of OWASP testing methodology.
- Familiarity with front-end web application frameworks (i.e. AngularJS, Bootstrap, etc).
- Capable of working effectively and efficiently with minimal supervision.
- Strong written and verbal English language skills.
Demonstrated ability to:
- Adhere to the highest standards of honesty and scientific and business integrity.
- Think critically about complex problems and situations.
- Consider emerging vulnerabilities and threats from within the context of organizational risk and business impact(s).
- Develop novel attack vectors based on newly discovered vulnerabilities.
- Possess a basic understanding of regulatory standards and requirements including the Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI-DSS), and the Gramm-Leach-Bliley Act (GLBA).
Preferences:
- Web application development or source code review experience.
- Strong knowledge of Windows and Linux operating systems.
- Working knowledge of containerized applications and container-based security controls and configurations.
- Possess current professional certification (i.e. GWAPT, OSCP, OSCE, GPEN)
Responsibilities:
- Conduct assessments of web applications, mobile applications, databases, client-side applications and tools, and APIs.
- Execute manual and automated code analysis to assess the quality and security of source code.
- Perform pre-assessment research and preparation including reconnaissance, documentation and configuration review, and customer interviews.
- Develop custom tools and exploits.
- Analyze security findings, including risk analysis and root cause analysis.
- Generate comprehensive reports, including detailed findings, exploitation procedures, and mitigations.
- Develop and deliver walkthrough(s), proof(s) of concept (PoCs), articles, and formal presentations.
- Execute verification and validation testing for customer mitigations and fixes.
Blue Teamer Incident Response
Location: Remote
Responsibilities:
Project-Based
- Coordinate and execute incident response for customers in multiple market verticals including Finance, Healthcare, and Retail Operations.
- Coordinate and execute Threat Hunting engagements
- Develop detailed “runbooks” for responding to well-known attacks that can be tailored to specific customer environments.
- Prepare clear and concise situation reports and activity summaries for BLS customers and Senior Leadership.
- Execute verification and validation testing for customer mitigations and fixes.
- Develop and deliver walkthrough(s), proof(s) of concept (PoCs), articles, and formal presentations.
Research and Development (R&D)
- Attend and/or present at professional conferences and events
- Participate in the development of:
  - Novel defensive tactics, techniques, and procedures (TTPs).
  - Applications, utilities, and scripts.
  - Threat hunting capabilities consistent with the Mitre Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework as well as emerging offensive TTPs.
  - DFIR techniques, tactics, and capabilities.
Preferences:
- Experience operating within a Security Operations Center (SOC).
- Experience with Splunk or ElasticSearch.
- Experience building, modifying, and/or deploying open source defensive tool sets
Requirements:
- Experience coordinating and performing incident response.
- Experience with basic scripting languages including Python, bash and/or PowerShell.
- Experience with at least one object-oriented programming language (Python, Ruby, Java, etc.).
- Experience hardening *nix and Windows systems images and builds.
- Experience parsing, consuming, and understanding log sources from a variety of devices/systems.
- Experience with one or more SIEMs (ArcSight, LogRhythm, AlienVault, etc.).
- Experience with DFIR toolsets (Sleuth Kit, EnCase, FTK).
- Must be US citizen (must be willing to submit to federal, state, and local background checks and other requirements).
- Knowledge of Windows, Unix, TCP/IP, IDS/IPS, and web content filtering.
Demonstrated ability to:
- Adhere to the highest standards of honesty and scientific and business integrity.
- Think critically about complex problems and situations.
- Understand threat models and effectively communicate risk and impact.
- Apply industry standards and best practices including the Mitre ATT&CK framework and NIST Incident Response (800-61).
- Possess a basic understanding of regulatory standards and requirements including the Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI-DSS), and the Gramm-Leach-Bliley Act (GLBA).
Project Manager
Location: Remote
Required:
- Develop, deliver, and track Master Service Agreements (MSAs) and Statements of Work (SOWs) from contract execution to customer acceptance.
- Manage and assign resources, cost, and deadlines for project execution.
- Manage parallel projects for multiple customers.
- Track activities, deliverables, and milestones for multiple customers.
- Develop, document, and deliver customer on-boarding and support processes and procedures.
- Develop, document, and deliver internal policies, processes, and procedures.
- Execute additional tasking as assigned by supervisor.
Preferences
- Previous engineering or systems administration experience is considered a plus
- Possess a basic understanding of regulatory standards and requirements including the Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI-DSS), and the Gramm-Leach-Bliley Act (GLBA).
Responsibilities:
- Must be US citizen (must be willing to submit to federal, state, and local background checks and other requirements).
- 5+ years experience managing Cybersecurity related projects
- Possess a basic understanding of Cybersecurity services and concepts including red teaming, penetration testing, risk analysis, vulnerability management, and configuration management (CM).
- One or more professional certifications including PMP, PgMP, CISSP, Security+ etc.
Demonstrated ability to:
- Communicate (written & verbal) effectively across the entire business stack (Executives, Management, Engineers and Administrators).
- Adhere to the highest standards of honesty and scientific and business integrity.
- Understand and empathize with a customer’s business mission.
- Identify and understand critical business workflows.
- Develop and manage customer requirements.
Attack Surface Management (ASM) Cybersecurity Analyst
Location: Remote
Travel: Up to 10% travel possible, both domestically and internationally
Experience Level: Entry - Mid Level
Responsibilities:
- Perform data collection in support of ASM
- Identify vulnerabilities, communicate risk, and verify root cause
- Perform verification/validation testing for vulnerabilities in external-facing web sites, web applications, and services; demonstrate exploitation steps and verify remediation/fixes
- Develop custom tools and small utilities
- Generate comprehensive reports, including detailed findings, exploitation procedures, and mitigation techniques
Preferences:
- Strong understanding of OWASP common vulnerabilities and testing methodologies
- Ability to communicate risks caused by web-based application vulnerabilities
- Possess basic cybersecurity professional certifications (Security+, GSEC, SSCP)
- Experience with ASM/OSINT tools and utilities (BurpSuite, AMASS, PassiveTotal, SecurityTrails, Nuclei, Recon-NG, GoWitness, MassDNS, Masscan, Censys.io, etc.)
Requirements:
- Must be US citizen (must be willing to submit to federal, state, and local background checks as well as other requirements)
- Familiarity with common web vulnerabilities including: XSS, XXE, SQL Injection, Deserialization Attacks, Path Traversal Attacks, Remote Execution Flaws, and Authentication Flaws
- Understanding of common web application frameworks and web-based APIs
- Experience with one or more scripting languages such as Bash, Python, Perl, PowerShell, etc.
- Solid understanding of Open-Source Intelligence (OSINT) gathering techniques in support of ASM (subdomain discovery/enumeration, service and application enumeration, and content discovery, etc.)
- Ability to manage, organize, analyze, and present substantial amounts of data
- Strong written and verbal English language skills
- Capable of working effectively and efficiently with minimal supervision