Penetration Tester - Lead

About The Position

Requirements

• Active Top-Secret/SCI
• Minimum of 6 years technical experience
• Certification requirement: Certified Penetration Tester (GPEN) OR Certified Ethical Hacker (CEH) OR meets current DCWF qualification requirements
• DCWF Code: 541 – Advanced (Masters an IT field OR Applicable Military Training OR one of the following: CFR, CISA, CISM, CySA+, GPEN, GSNA
• Must posses an active, OR have the ability to obtain within 90 days of hire date, an ITIL Foundations Certification
• Must have a full, complete, and in-depth understanding of all aspects of Defensive Cyber Operations
• Must possess an in-depth understanding of penetration testing methodology, including recon, exploit, persistence, etc.
• Must have a solid understanding of networking protocols, their uses, and their potential misuses
• Programming experience in one or more languages, experience in HTLM/CSS or SQL
• Experience with one or more scripting languages such as PowerShell, Bash, Python or Perl

Nice To Haves

• Offensive Security OSCP
• Army Certified Penetration Tester (or Instructor)
• Fluency in one or more programming language (e.g.,Python, C#, Golang)
• In-depth understanding of physical penetration test ng or PACS
• Demonstrated ability to produce written deliverables and brief senior leadership
• Self-starter with excellent judgment, capable of independent decision making

Responsibilities

• Utilize offensive toolsets such as Metaspolit and Kali Linux to safely analyze and penetration test production networks and systems, documenting steps and procedures to produce usable vulnerability assessments for the customer
• Identify and investigate vulnerabilities, asses exploit potential, and document findings and remedies for presentation to facilitate mitigations on customer systems
• Perform planning, execution, and documentation of penetration testing missions in accordance with Red Team methodologies
• Perform web application testing using tools such as Burp Suite, Zap Proxy, Skipfish and Nikto, and open-source toolsets
• Travel to customer sites to perform network security evaluations, penetration tests, and brief customers on findings
• Perform daily cyber threat research and present findings to the organization to maintain knowledge of current adversary tactics, techniques and procedures and how to apply them.
• Brief staff and leadership on these findings
• Perform open-source intelligence gathering to prepare for missions
• Write reports of vulnerabilities to increase customer situational awareness and improve the customer’s cyber security posture
• Assist all sections of the Defensive Cyber Operations team as required in performing Analysis, System Administration, and other duties as assigned
• Contribute to the design, development and implementation of countermeasures, system integration, and tools specific to Cyber and Information Operations
• Write reports of remotely exploitable vulnerabilities to increase customer situational awareness and improve the customer’s cyber security posture
• Prepare and present technical reports and briefings