Background Image

Join The Team

If you have the knowledge, the desire, and the drive, we have a role for you

< Back to All Open Roles

Junior Associate - Penetration Testing

Consulting Services - Offensive Security - Chicago, Illinois


Description

Do you love what you do for a career? Do you want to? 

Urbane is seeking the most talented, driven, and intelligent in offensive and defensive security to join our Security Services teams to help secure the largest and most interesting organizations, platforms, and products in the world.  From large-scale cloud platforms to the newest mobile applications; global financial processing to regional healthcare providers; cutting edge devops environments to traditional corporate enterprises - Urbane is called on to help organizations face unique, highly technical, and critical challenges. 

In this role you’ll assess real-life risks to diverse technical environments by identifying security weaknesses, actively exploit their findings, and determine additional impact through post exploitation. Given your expertise and drive, you’ll face diverse challenges including black box network testing, insider threat assessments, credentialed application exploitation, and testing the effectiveness of human and physical controls. You’ll have the opportunity to excel independently while having an expert team drive you to achieve your best and back you up with the diverse challenges you’ll face.  Occasionally, and to keep things interesting, you’ll switch sides to maintain a full perspective of the security landscape by providing guidance on defensive designs or assisting compliance associates on difficult technical choices.

With Urbane you’ll have the power to make a difference and face real challenges: improving environments security, advising teams on the most effective ways to address the core security problems, and address real security problems. Challenges vary week to week and provide a wealth of experience. 

Sound like an exciting challenge and a cause you can get behind? Read on.

Who You Are

You should possess the following key character traits:

  • Creative, out-of-the-box thinker who can leverage various domains of knowledge to create uniquely tailored tests and solutions for complex problems. 
  • You’re curious by nature, intrigued by how things work, and have an appetite to find weaknesses in their design and implementation.
  • You prefer building, contributing, and leading over falling in line. 
  • You’re happy to put in the extra effort building a tool that makes everyone’s lives easier.
  • Urbane team members value developing long-term client relationships over “drop the mic” moments. You want to provide remediation suggestions that address the core issues, are sustainable, and work within the confines of the target environment.
  • You’re passionate about technology and find entertainment in crazy personal projects (i.e., programming a USB Nerf gun and webcam to mess with your cat while you aren’t at home, building an enterprise-grade virtualization environment in your bedroom closet, or seeing how many neighbors think your “free” wifi is actually “free”). 
  • A desire to stay current with the latest technologies, attacks, and hardening strategies. You’re a regular online reader of blogs and social media for the latest in security, enjoy good conference talks, and/or contribute to interesting projects.
  • Driven personality, with a desire to continuously improve, put in the hours, and deliver. You take pride in your work, and you want it to be the best you can do.
  • Not opposed to traveling and can survive occasions requiring Domestic/International travel (currently less than 25%, but subject to fluctuate).
  • Highly organized and detail-oriented with the ability to independently prioritize multiple projects while still balancing personal goals. You recognize when you need help, and aren’t afraid to ask for it.
  • Have a strong ethical compass and an understanding of ethics in business and information security. You’ll respect scope limitations, clean up after your attacks, and never access or retain data that isn’t pertinent to the testing.
  • Equally comfortable holding your own with a technical audience (especially the Unix-Beards) as well as communicating to a non-technical audience (including the C-Suite), both in writing and verbally. 
  • Maintain a unique and independent identity, but respect other business’ culture, including dress apparel, level of formality, and work schedules. We maintain a startup-style culture internally, while presenting a clean, elevated, and refined image to the rest of the world.
  • Currently a US citizen or other permanent US resident.

What You Have Done

We care more about knowledge drive over pieces of paper to serve as proof. As such, we’re looking for the following:

  • 1-3 years of experience in penetration testing, whether professional job, independent consulting, bug bounty, or capture the flag experiences. Legally, of course.
  • Performed one or more of the following roles as a penetration tester: external network penetration testing, internal network penetration testing, wireless penetration testing, web application penetration testing, mobile application penetration testing, social engineering, non-destructive physical security testing.
  • Gained a strong technical knowledge and understanding of mixed-technology environments, include diverse operating systems, network hardware, web application languages, administration technologies, authentication mechanisms, and cloud platforms.
  • Extensively used open source penetration testing tools and frameworks, such as (but not limited to) Metasploit, Burp, Nmap, etc.
  • Developed or modified tools in scripting languages, such as Ruby, Python, Perl, or Java, to assist in testing a problem.
  • Learned the core fundamentals of computers, all the way down to protocol stacks.
  • Paid enough attention in English class to write good (or is it well?) and know to self-QA deliverables before sending them to others.

What We Prefer (but do not require)

  • Are active in industry groups (e.g., OWASP, DEF CON Groups, City-Sec Meetups, or other security meetups) and/or conferences (e.g., DEFCON, ShmooCon, Summercon, DerbyCon, THOTCON, BSides, BlackHat, etc.).
  • College or equivalent educational experience.
  • Have fun acronyms after your name, such as OSCP, OSWP, GPEN, GWAPT, CPTE, CISSP, or are not opposed to getting them as needed.
  • Experience in modifying or creating tools or payloads to exploit vulnerabilities not effectively covered in other exploitation frameworks.
  • Have performed independent research, testing, or tool development on security issues out of curiosity.
  • Located in Chicago-land area or open to relocation, but willing to accept the right candidates across the US.
  • You prefer the words “information security” or “computer security” over “cyber”.

Who Is Urbane?

Founded in 2009 and headquartered in the land of da Bears, da Bulls, da Delays at O'Hare, and winters leaving you wondering why you haven't moved yet, Urbane is an information security firm focused on elevating the level of security and compliance through uniquely tailored highly-technical engagements. Engaging with a wide array of customers from Fortune to start-ups, our portfolio is never without opportunity to challenge personal skillsets and grow within the organization.

What's In It For You?

  • Competitive Salary.
  • Standard benefit packages, including Medical/Dental/Vision, paid vacation time, 401k plan, and reimbursable internet/phone/gym plans.
  • Training and professional development stipends (yes, this includes conferences!).
  • Annual team meetings and occasional team events, including BlackHat / DEF CON week.
  • Exotic Travel Locations (like Omaha!)
  • Captivating challenges, meaningful work, and ability to grow, both intellectually and within the company.

Up for the challenge?

To apply to join the Urbane team, please email Join Us @ UrbaneSecurity.com with the following:

  • Email Subject containing the role you're applying for - The link below will assist in creating a sample email.
  • Current Resume - Please attach your current resume in PDF outlining your expereince, skills, and knowledge.
  • Who _YOU_ are - Generic cover letters are boring and a guaranteed route to rejection. Introduce yourself to us and outline what makes you unique, skilled, or otherwise interesting. Bonus points for outlining your personal passions or projects (whether it be technology, coffee, music, cooking, travel, athletics, outdoors, crafting, aviation, sailing, or other).
  • What does it mean to you to be "Urbane" - Our team provides a top-tier level of delivery, both in technical abilities and in service. Briefly outline what you'll do to make your work "Urbane" in quality.

If you do not receive a response within two weeks, feel free to check in again with our team to ensure we received your application. All of us at Urbane look forward to hearing from you!

Click to Email Us To Apply