Attack Surface Management (ASM) Cybersecurity Analyst

Black Lantern Security is a Services Oriented Company • Black Lantern Security is built around the ingenuity, passion, and determination of our Operators and Analysts • No one "mastermind" • No "cult of personality" • Competitive compensation and benefits • Healthy work-life balance • Project-based engagements that play to the team's strengths Attack Surface Management (ASM) Cybersecurity Analyst Location: Remote Travel: Up to 10% travel possible, both domestically and internationally Experience Level: Entry - Mid Level Responsibilities: • Perform data collection in support of ASM • Identify vulnerabilities, communicate risk, and verify root cause • Perform verification/validation testing for vulnerabilities in external-facing web sites, web applications, and services; demonstrate exploitation steps and verify remediation/fixes • Develop custom tools and small utilities • Generate comprehensive reports, including detailed findings, exploitation procedures, and mitigation techniques Preferences: • Strong understanding of OWASP common vulnerabilities and testing methodologies • Ability to communicate risks caused by web-based application vulnerabilities • Possess basic cybersecurity professional certifications (Security+, GSEC, SSCP) • Experience with ASM/OSINT tools and utilities (BurpSuite, AMASS, PassiveTotal, SecurityTrails, Nuclei, Recon-NG, GoWitness, MassDNS, Masscan, Censys.io, etc.) Requirements: • Must be US citizen (must be willing to submit to federal, state, and local background checks as well as other requirements) • Familiarity with common web vulnerabilities including: XSS, XXE, SQL Injection, Deserialization Attacks, Path Traversal Attacks, Remote Execution Flaws, and Authentication Flaws • Understanding of common web application frameworks and web-based APIs • Experience with one or more scripting languages such as Bash, Python, Perl, PowerShell, etc. • Solid understanding of Open-Source Intelligence (OSINT) gathering techniques in support of ASM (subdomain discovery/enumeration, service and application enumeration, and content discovery, etc.) • Ability to manage, organize, analyze, and present substantial amounts of data • Strong written and verbal English language skills • Capable of working effectively and efficiently with minimal supervision Apply tot his job