Junior Penetration Tester

About The Position

Requirements

• Knowledge and experience with manual host testing per CIS benchmarks.
• Strong knowledge of and experience with Burp Suite.
• 3+ years of experience in the information technology field.
• Knowledge of and experience with Nessus.
• Knowledge of OWASP Top 10.
• Some penetration testing experience required.
• Knowledge of NIST SPs and NIST Risk Management Framework (RMF).
• Knowledge of computer networking concepts and protocols, and network security methodologies.
• Strong attention to detail.
• Ability to obtain and maintain a Public Trust required.

Nice To Haves

• Bachelor's Degree in STEM field preferred.
• Industry standard certification (e.g. Security+) strongly preferred.
• Knowledge of and experience with Acunetix.
• Knowledge of and experience with Appdetective.
• Knowledge of and experience with DbVisualizer.

Responsibilities

• Supports security assessments by planning and executing tests on web applications, infrastructure, cloud environments, and other technologies connected to the client network.
• Develop test plans.
• Perform vulnerability and risk analyses.
• Automate testing processes.
• Map findings to NIST SP 800-53 controls to ensure compliance and improve security posture.
• Conduct security testing of IT assets, web applications, infrastructure assets and technologies, mobile applications, custom developed software implementations, virtual technologies, COTS products, cloud implementations, common application platforms, and other technologies connecting to or interacting with the Judiciary network.
• Develop and maintain a repeatable methodology for performing security testing.
• Security test planning should include, but is not limited to: threat modeling, map business requirements to the applicable security requirements, determine appropriate security controls, test scenarios and test cases.
• Develop the Security Test Plans.
• Perform security testing, vulnerability analysis, and risk analysis in accordance with an industry-proven, repeatable methodology.
• Evaluate the effectiveness of security controls as they relate to the applicable security controls of the system tested.
• Relate test results to controls in NIST SP 800-53, as reflected in the JISF.
• Develop, maintain and use customized testing scripts (testing automation) for individual and team use.
• Develop and deliver reports as required.

Benefits

• 3 weeks of Personal Leave your first year
• 11 paid Holidays each year
• 5 days of Flexible Time Off each year
• 401(k) company match at 50% up to 10% of your salary
• Medical, Dental and Vision Insurance
• Life and Disability Insurance
• Public Transportation Subsidies
• Certifications and Training Allowance - $2,500/year!
• Bonus and profit-sharing opportunities, depending on company and employee performance.