Senior Cybersecurity Penetration Tester

About The Position

Requirements

• Minimum of 5 – 7 years of experience in security principles such as attack frameworks, threat landscapes, and attacker tactics, techniques and procedures.
• Proven experience conducting penetration tests of web applications, networks, and other systems.
• Experience with a variety of penetration testing tools and techniques (e.g., Rapid7 Nexpose, Appspider Pro, Metasploit, Cobalt Strike and/or Burp Suite).
• Active Top-Secret Clearance REQUIRED, eligible to be upgraded to TS/SCI
• Bachelor's Degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• Must meet 8570 certification requirements at the time of hire. IAT II Information Assurance Baseline (e.g., CASP+ CE, CCMP Security, CISA, CISSP, GCED, GCIH, Security+ CE or CCSP)

Nice To Haves

• In addition to the IA baseline, a CSSP Auditor cert is preferred (e.g., CEH, CySA+, CISA, GSNA, CFR or PenTest)

Responsibilities

• Conduct penetration tests of web applications, mobile applications, networks, cloud environments, and other systems.
• Utilize a variety of tools and techniques to identify vulnerabilities, including SQL injection, cross-site scripting (XSS), buffer overflows, and other common attack vectors.
• Perform reconnaissance to gather information about target systems and networks.
• Develop and execute exploit code to demonstrate the impact of identified vulnerabilities.
• Bypass security controls and evade detection.
• Perform vulnerability assessments using automated scanning tools and manual techniques.
• Analyze scan results to identify false positives and prioritize vulnerabilities.
• Develop custom scripts and tools to automate vulnerability assessment tasks.
• Document all findings in detailed and comprehensive reports, including descriptions of vulnerabilities, methods used to exploit them, and recommendations for remediation.
• Present findings to stakeholders, including technical teams and management.
• Create and maintain documentation on penetration testing methodologies, tools, and techniques.
• Provide guidance and technical assistance to system owners and developers on vulnerability remediation.
• Validate remediation efforts to ensure that vulnerabilities have been properly addressed.
• Conduct retests to verify the effectiveness of implemented security controls.
• Stay up-to-date on the latest security threats, vulnerabilities, and attack techniques.
• Research and evaluate new penetration testing tools and methodologies.
• Develop custom tools and scripts to enhance penetration testing capabilities.
• Contribute to the development of security policies and procedures.
• Collaborate with other cybersecurity professionals, including security architects, incident responders, and security engineers.
• Share knowledge and expertise with team members.
• Participate in security training and awareness programs.
• Conduct all penetration testing activities in a legal and ethical manner, adhering to established rules of engagement.
• Protect the confidentiality and integrity of sensitive data.
• Respect the privacy of users and systems.

Benefits

• health care
• dental
• vision
• life insurance
• 401(k)
• education assistance
• paid time off including PTO, holidays, and any other paid leave required by law