Penetration Tester - TS/SCI w/ Polygraph

About The Position

Requirements

• Must have experience with penetration testing tools.
• Must have experience in web development and programming languages such as Java, XML, Perl and HTML.
• Must have experience with programming/scripting in Python, Powershell, C, JavaScript, etc.
• Must have extensive experience performing IT security risk assessments.
• Must have experience performing web app and physical pentests.
• Must have experience with or strong familiarity of the following Web Application tools; Burp Suite, Web Inspect, Appdetective.
• Must have experience with or strong familiarity of Kali.
• Must have experience with or strong familiarity of IPS/IDS solutions.
• Must have a strong understanding of the Cyber Kill Chain methodology.
• Must have experience applying Risk Management Framework.
• Must have experience with secure configurations of commonly used desktop and server operating systems.
• Must have the ability to effectively collaborate with technical staff and customers to form mitigation strategies and plan for continuous modernization and legacy integration.
• Must have experience managing multiple projects simultaneously and quickly and effectively adjusting to shifting priorities in resolving issues.

Nice To Haves

• Bachelor's degree in a technical/information assurance field and at least 12 years of relevant experience.
• Certifications in one or more of the following areas strongly preferred:
• GIAC Web Applications Penetration Tester (GWAPT)
• GIAC Penetration Tester (GPEN)
• Certified Ethical Hacker (CEH)
• Certified Information Security Manager (CISM)
• Certified Web Application Defender (GWEB)
• Certified Information System Security Professional (CISSP)
• Extensive experience developing/implementing integrated security services management processes, such as assessing and auditing network penetration testing, anti-virus planning assistance, risk analysis, and incident response.
• Extensive experience providing information assurance support for application development that includes system security certifications and project evaluations for firewalls that encompass development, design, and implementation.

Responsibilities

• Perform internal and external pentests against systems to determine vulnerabilities and develop mitigation strategies.
• Perform web app pentests.
• Perform vulnerability risk assessments.
• Perform physical pentests and social engineering analysis.
• Perform cyber incident response as needed.
• Evaluate the impact of new development on the operational security posture of IT systems.
• Evaluate, review, and test critical software.
• Formulate security compliance requirements for new system features.
• Identify and remediate security issues throughout the system.
• Audit and assess system security configuration settings using common methodologies and tools.
• Work with development teams to enrich team-wide understanding of different types of vulnerabilities, attack vectors, and remediation approaches.
• Work closely with System Engineering, Test Engineering, and Integration teams to ensure hardware and software architecture and implementations meet strict security requirements.
• Propose, assess, coordinate, implement, and enforce information systems security policies, standards, and methodologies.
• Serve as a Subject Matter Expert in security architecture, to include providing advice to Program Managers, Customer technical experts, and internal program teams.