The Penetration Tester supports a portfolio of cyber security environments for a Federal client. The Penetration Tester will perform passive and active analysis of systems for any potential vulnerabilities or weaknesses; conduct hands-on security evaluations; conduct threat modeling; penetration test applications, web sites, systems and infrastructure; and engineer security solutions to mitigate risk. The job also includes developing and maintaining security tools, techniques and procedures to facilitate security testing, vulnerability detection, validation and mitigation. Attributes include: intimate knowledge of NIST 800-40 v2, 800-41, 800-42, and open source security testing methodologies; knowledge of NIST 800 series guidance; proficiency with various firewall, network, host, and application security protocols, tools, and technologies; secure software development and scripting/coding experience; software quality assurance; and an intimate knowledge of cryptographic standards, ciphers, algorithms, and PKI. The successful candidate has experience in some of the following: remote and on-site penetration testing, performing phishing exercises, networking, and security, including all elements of LAN/WAN Internet, vulnerability assessments, intrusion detection, encryption, and firewalls. The position requires 28-30% domestic travel and an ability to work with clients resident in multiple time zones.
General Description of Duties:
1. Conduct both remote and on-site penetration testing based on specific rules of engagement.
2. Test penetration testing tools for potential use.
3. Perform web application vulnerability assessments.
4. Other duties as assigned.
Education: Bachelor’s and Master’s degrees or equivalent experience. Certified Information Systems Security Professional (CISSP), Certified Authorization Professional (CAP), NSA INFOSEC IAM/IEM, and/or Certified Ethical Hacker (CEH) are highly desirable.
Experience: Minimum of ten (10) years IT/technical experience is required, to include eight (8) or more years of progressive information security experience with Federal Government projects. Additional experience with the most recent FISMA regulations, NIST special publications, FIPS publications, and OMB regulations is required.
Skills: The position requires a demonstrated capacity to analyze and apply technology solutions which meet the security control requirements specified by the Department, FISMA, OMB, and NIST guidance. Superior technical skills are required. Requires excellent organizational skills and attention to detail, excellent customer service skills, working knowledge of Microsoft Office, ability to multitask, and excellent written and verbal communication skills.
Unique Requirements: Candidate will be subject to a security investigation and will need to meet eligibility requirements for access to classified information. Must be clearable to Top Secret (TS)/DOE Q. Prefer active DOE Q Security Clearance. Candidate must be available for domestic travel 28-30% of the time.
US Citizenship is a requirement for this position. Candidate may be subject to a security investigation and may need to meet eligibility requirements for access to classified information. Security clearances are a plus.
Positive Attitude: Demonstrates the ability to look for opportunities in the midst of challenges; brings forth solutions to difficult situations and issues; delivers difficult communications with an eye towards lessons learned and opportunities to be gained from an individual, client, and company perspective.
Effective Communication: Communicates clearly and effectively when delivering verbal and written communications; speaking (and listening) is clear, empathetic, non-defensive and non-judgmental; builds strong, trusting, and rewarding relationships, thinks creatively, solves problems, and resolves conflicts.
Competence: Being current and forward thinking in one’s area of responsibility; demonstrating the ability to work through and anticipate challenges and issues, proposing sound solutions to complex problems.
Commitment: Service-driven perspective, understanding the importance and significance of your role and the impact of your performance on you, your team, the client, and the company. Demonstrates a willingness to do what is needed to further the mission and vision of the company and client.
Resilience: The ability to be flexible in the face of changing employee, client, or company requirements and requests; recovers and redirects efforts appropriately in the face of any deviation or disruption in service or resources.
While performing the duties of this job, the employee is regularly required to talk, hear, and use hands to finger, handle or feel objects, tools, or controls. The employee is occasionally required to reach with hands and arms. Specific vision abilities required by this job include close vision. The employee must occasionally lift or move up to 25 pounds.
All applicants will be required to consent to a pre-employment drug screening and may be subject to random testing thereafter.