Penetration Tester

About The Position

Requirements

• Secret – IT-II (Tier 3) Non-Critical Sensitive Clearance
• Possess a certification in penetration testing, such as: Licensed Penetration Tester (LPT), Certified Expert Penetration Tester (CEPT), Certified Ethical Hacker (CEH), Global Information Assurance Certification Penetration Tester (GPEN)
• Minimum of 3 years of demonstrated experience performing vulnerability assessments and penetration testing.
• Minimum of 2 years of experience conducting network vulnerability assessments and penetration testing methodologies.
• Two Years experience with testing tools including NESSUS, METASPLOIT, CANVAS, NMAP, Burp Suite and Kismet.
• Minimum of 1 year of experience authoring formal penetration testing or security assessment reports.
• Minimum of 2 years of experience using, administering, and troubleshooting Linux operating systems.
• Minimum of 2 years of experience using, administering, and troubleshooting Windows Server or Linux servers, including IIS or Apache.
• Proficiency with penetration testing and assessment tools, including Nessus, Metasploit, CANVAS, Nmap, Burp Suite, and Kismet.
• Strong understanding of TCP/IP protocols, networking concepts, and network architectures.
• Knowledge of open security testing standards and projects, including OWASP.
• Understanding of PCI DSS testing requirements.
• Knowledge of database, application, and web server design and implementation.
• Experience with wireless LAN security testing methodologies and tools.
• Experience scripting in one or more of the following languages: Perl, Python, Ruby, Bash, or Java.
• Demonstrated written documentation and oral presentation skills.
• Ability to clearly communicate technical findings to both technical and non-technical audiences.
• US Citizenship
• Secret IT-2 Clearance requirement

Responsibilities

• Perform penetration testing of applications, systems, and network enclaves to identify security weaknesses and vulnerabilities.
• Assess enterprise systems using offensive cybersecurity techniques and provide actionable recommendations to reduce risk and improve the organization’s overall cybersecurity posture.
• Conduct application, network, and wireless penetration testing in accordance with approved methodologies and rules of engagement.
• Identify security flaws in computing platforms, applications, and network architectures and develop mitigation strategies to address identified risks.
• Apply offensive cybersecurity testing techniques, including manual and automated testing methods.
• Coordinate penetration testing activities and schedules with internal stakeholders, system owners, and external partners as required.
• Perform network vulnerability assessments and exploitation testing across on-premises and enclave-based environments.
• Execute wireless security assessments, including identification of rogue access points and insecure configurations.
• Analyze test results and document findings, including severity, impact, and recommended remediation actions.
• Prepare and deliver technical assessment reports and briefings to leadership and technical teams.
• Support compliance-driven testing efforts, including PCI DSS and other applicable security standards.
• Contribute to continuous improvement of enterprise cybersecurity posture through lessons learned and testing feedback.

Benefits

• health
• dental
• vision
• 401K
• life insurance
• short-term and long-term disability plans
• vacation time
• holidays