Penetration Tester

About The Position

Requirements

• Hold or eligible for Top Secret/SCI security clearance with CI polygraph. Investigation or CV date within 5 years.
• Professional certifications to meet DoD 8570 IAT II requirements.
• Specialized penetration testing focused certification (CEH, Pentest+, GPEN, OSCP, etc.)
• Experience with at least one of the following scripting languages (PowerShell, Bash, Python, Ruby, Node.js)
• Experience performing web application security assessments.
• Experience with TCP/IP protocols as it relates to network security.
• Experience with offensive tool sets including Kali Linux, Metasploit, CobaltStrike, Intercepting Proxies, etc.
• Experience in using network protocol analyzers and sniffers, as well as ability to decipher packet captures.
• Capable of conducting penetration tests on applications, systems and network utilizing proven/formal processes and industry standards.

Responsibilities

• Perform penetration tests on computer systems, networks, and applications.
• Create new testing methods to identify vulnerabilities.
• Perform physical security assessments of systems, servers, and other network devices to identify areas that require physical protection.
• Pinpoint methods and entry points an attacker may use to exploit vulnerabilities or weaknesses.
• Search for weaknesses in common software, web applications and proprietary systems.
• Research, evaluate, document, and discuss findings with IT teams and management.
• Review and provide feedback for information security fixes.
• Establish improvements for existing security services, including hardware, software, policies, and procedures.
• Identify areas where improvement is needed in security education and awareness for users.
• Be sensitive to corporate considerations when performing testing (i.e., minimizing downtime and loss of employee productivity)
• Knowledgeable of the latest malware and security threats.
• In depth understanding of emerging threats, vulnerabilities, and exploits.