Penetration Tester

About The Position

Requirements

• 3+ years’ experience in three or more specific areas to include: intelligence analysis, network engineering, networking security, penetration testing, red team operations, hardware engineering, software engineering, exploit development, reverse engineering, vulnerability assessment, physical security assessments, social engineering
• Strong knowledge of testing simulated intrusion attempts and physical penetration testing
• Proficiency in the testing and assessment of mobile operating systems, embedded systems and/or IoT devices
• Familiarity with unmanned aerial vehicles and associated mobile and wireless technologies
• Proficiency of various operating systems: Windows, iOS, Android, Mac or Linux
• Proficiency with cloud technology and deployments: Amazon Web Services, Microsoft Azure, Google Cloud Platform
• Moderate competency in at least one scripting and/or coding language
• Working knowledge of software development, with preference for experience working around software development teams and efforts
• Experience in network analysis methodologies
• Experience in drafting reports, documenting case details, and being able to summarize findings and recommendations based on system analysis
• Demonstrated strong written and verbal communication skills
• BS (or equivalent) in Cybersecurity, Information Security, IT, EE, Network Engineering, Computer Science, or related field
• Willingness to travel
• US Citizenship and an active Top Secret/SCI security clearance required

Nice To Haves

• Familiarity with container technologies to include container orchestration and microservices
• Experience with DevSecOps and adjacent tools; strong preference for experience with Kubernetes, software development pipelines
• Security Certification: CEH, OSCP, PNPT or similar security/pentesting certs
• Experience employing advanced forensic tools and techniques for attack reconstruction, including dead system analysis and volatile data collection and analysis
• Experience in performing post-incident computer forensics without destruction of critical data.
• Desired experience ensuring quality assurance and the spreading of best practices
• MS degree in technical field
• Security+ Certification

Responsibilities

• Plan and perform continuous cross-domain vulnerability assessments, full-scale penetration testing and red team operations.
• Conduct network and application security vulnerability analysis.
• Analyze commercial and federal mission systems to identify potential vulnerabilities.
• Provide and implement remediation strategies to customers.
• Conduct open-source research on clients and their infrastructure to identify data leakage.
• Develop custom tools and exploits for targeting unique client systems and building internal testing capabilities.
• Prepare assessments and presentations of analyses and findings.
• Develop and maintain analytical procedures.
• Lead the technical aspect of a specific, long-term penetration testing effort.
• Conduct varied testing efforts against applications and networks for the federal government.
• Develop a continuous campaign-based assessment that emulates the target’s real-world adversaries by developing new tools specific to the target.
• Integrate into ongoing testing efforts, requiring subject matter expertise in multiple disciplines of vulnerability testing and assessment.
• Interact and liaison directly with clients.
• Write and document findings.

Benefits

• EEO/AA employer Minorities/Women/Veterans/Disabled and other protected categories.