IT Security Specialist - Penetration Tester

About The Position

Requirements

• A minimum of 5 years of proven penetration testing and ethical hacking experience.
• Hands-on experience in penetration testing across AWS, Azure, and On-Premise environments.
• At least 5 years of recent experience in applying IT security concepts, methodologies, principles, procedures and using industry-standard IT security tools (e.g. Burp Suite, Metasploit, Wireshark).
• At least 5 years of recent experience with enterprise architecture methodologies, concepts, procedures, principles, and tools.
• At least 5 years of recent experience in contingency planning and backup and recovery best practices and application of NIST guidance in this area.
• At least 5 years of recent experience in using technical testing tools (Tenable Security Center, ArcSight, IBM Big Fix, etc.).
• At least 5 years of recent experience in conducting penetration testing or the ability to bring in a penetration tester when required.
• At least 5 years of performing assessments of Federal Information Systems using the Risk Management Framework.
• Possess at least one of the following professional Certifications required by DOC Enterprise Cybersecurity Policy (ECP) Annex C-1: Controls Assessor, CISSP, CISA, GCIH, GSNA, CEH, CGRC, SCNP, SCNA.
• Proficiency in verbal and written communications.
• Proficiency in interview skills.
• Proficiency in interpersonal skills.
• Proficiency in handling multiple tasks concurrently.
• Proficiency in project and time management.
• Ability to adjust to changing priorities.
• Ability to work in a cohesive team-oriented environment.
• Must be a US Citizen able to obtain and maintain a Moderate Public Trust.

Nice To Haves

• Knowledge of DOC, NOAA, and NWS IT security policies and implementation standards or those of similar sized organizations.
• Comprehensive understanding of NIST guidance to include NIST Special Publications and Federal Information Processing Standards.
• Self-starter, highly motivated individual who adapts to a dynamic work environment.
• Strong attention to detail with an ability to operate effectively across multiple priorities.

Responsibilities

• Support Security Assessment and Authorization initiatives for our Government client.
• Conduct protocol analysis, vulnerability discovery and exploitation, post exploitation impact analysis, and physical security.
• Perform manual and automated firmware analysis on target devices.
• Perform pen tests, fuzzing and custom exploit attacks against client systems.
• Review deployment architectures, topologies and conops for compliance regulatory security mandates.
• Produce security reports suitable for submission to regulatory bodies.
• Conduct hands-on technical testing beyond automated tool validation, including full exploitation and leveraging of access within multiple environments.
• Conduct scenario-based security testing, or red teaming to identify gaps in detection and response capabilities of client end systems.
• Conduct research and testing in support of client requirements.
• Design, implement, and integrate security solutions.
• Analyze information security systems and applications.
• Recommend and develop security measures to protect information against unauthorized modification or loss.

Benefits

• Paid vacation
• Medical insurance
• Dental insurance
• Vision insurance
• Matching 401K plan
• Tuition/training reimbursement
• Long & Short-Term Disability