Mobile Ethical Hacker

United Airlines Inc. - Chicago, IL

Full-time
We have a wide variety of career opportunities around the world — come find yours.

Job overview and responsibilities

The Ethical Hacking team is looking for a talented and experienced candidate to join a team of world-class Red Team experts. In this role, the candidate will be responsible for conducting vulnerability assessments, penetration tests, mobile web application testing, and social engineering campaigns. The successful candidate will identify, evaluate, and provide remediation guidance for potential weaknesses in United’s systems and processes. The right candidate will need to be dedicated to performing ‘objective-based’ assessments replicating a known threat actor, with known TTPs and motivations, to help the organization understand whether an actual actor using similar techniques would be able to accomplish a specific objective.

Core Role Functions:
Participate in technical testing against United’s mobile applications, mobile devices, and network assets, from operational planning, initiation, and remediation to reporting
Communicate findings, attack paths, and recommendations to technical, non-technical, and senior leadership through written reports and verbal presentations.
Develop scripts, tools, techniques, and methodologies to improve the overall ability of the Ethical Hacking team to deliver high-quality tests.
Employ advanced internal network, wireless networks, mobile applications, thick-client applications, embedded applications, or hardware penetration testing techniques.
Act as a primary technical contact for IT and development teams to remediate findings.
Develop and contribute to team Tactics, Techniques, and Procedures (TTPs) knowledge base
Demonstrate an understanding of penetration testing techniques and methodologies. Must be very proficient with the common tools associated with penetration testing (Metasploit, Burp Suite, Cobalt Strike, etc)
Develop/customize payloads specific to the environment, software version, or for evasion of defensive technologies related to mobile applications.

Required

Ability to effectively code in a scripting language (Python, Perl, etc)

Must be legally authorized to work in the United States for any employer without sponsorship

Successful completion of interview required to meet job qualification

Reliable, punctual attendance is an essential function of the position

Preferred

Desirable certifications: OSCP, GPEN, OSCE

Equal Opportunity Employer – Minorities/Women/Veterans/Disabled/LGBT