Pen Tester

About The Position

Requirements

• Must have experience with penetration testing tools.
• Must have experience in web development and programming languages such as Java, XML, Perl and HTML.
• Must have experience with programming/scripting in Python, Powershell, C, JavaScript, etc.
• Must have extensive experience performing IT security risk assessments.
• Must have experience performing web app and physical pentests.
• Must have experience with or strong familiarity of the following Web Application tools; Burp Suite, Web Inspect, Appdetective.
• Must have experience with or strong familiarity of Kali.
• Must have experience with or strong familiarity of IPS/IDS solutions.
• Must have a strong understanding of the Cyber Kill Chain methodology.
• Must have experience applying Risk Management Framework.
• Must have experience with secure configurations of commonly used desktop and server operating systems.
• Must have the ability to effectively collaborate with technical staff and customers to form mitigation strategies and plan for continuous modernization and legacy integration.
• Must have experience managing multiple projects simultaneously and quickly and effectively adjusting to shifting priorities in resolving issues.
• Must possess a TS/SCI clearance with appropriate polygraph

Nice To Haves

• Bachelor's degree in a technical/information assurance field and at least 12 years of relevant experience.
• Certifications in one or more of the following areas strongly preferred: GIAC Web Applications Penetration Tester (GWAPT) GIAC Penetration Tester (GPEN) Certified Ethical Hacker (CEH) Certified Information Security Manager (CISM) Certified Web Application Defender (GWEB) Certified Information System Security Professional (CISSP)
• Extensive experience developing/implementing integrated security services management processes, such as assessing and auditing network penetration testing, anti-virus planning assistance, risk analysis, and incident response.
• Extensive experience providing information assurance support for application development that includes system security certifications and project evaluations for firewalls that encompass development, design, and implementation.

Responsibilities

• Design and execute internal and external penetration tests to identify vulnerabilities and develop effective mitigation strategies
• Conduct web application penetration tests, vulnerability risk assessments, and physical penetration tests, as well as social engineering analysis
• Provide cyber incident response support as needed, evaluating the impact of new development on the operational security posture of IT systems
• Collaborate with development teams to enhance their understanding of various types of vulnerabilities, attack vectors, and remediation approaches
• Work closely with System Engineering, Test Engineering, and Integration teams to ensure hardware and software architecture and implementations meet strict security requirements
• Develop and enforce information systems security policies, standards, and methodologies, serving as a Subject Matter Expert in security architecture
• Protect Enterprise-wide information systems from cyber threats, ensuring the security and integrity of sensitive data
• Develop and implement effective security measures, collaborating with cross-functional teams to drive innovation and excellence
• Enhance your skills and expertise in penetration testing, vulnerability assessment, and incident response, staying at the forefront of cybersecurity trends and best practices

Benefits

• health, dental, and vision insurance
• health savings accounts
• a 401(k) savings plan
• disability coverage
• life and accident insurance
• an employee assistance program
• a legal plan
• discounts on things like home, auto, and pet insurance
• paid time off
• paid holidays
• paid parental, military, bereavement, and any applicable federal and state sick leave
• Employees may participate in the company recognition program to receive monetary or non-monetary recognition awards
• Other incentives may be available based on position level and/or job specifics.