Red Team Penetration Tester, Mid
Booz Allen Hamilton has been at the forefront of strategy and technology for more than 100 years. Today, the firm provides management and technology consulting and engineering services to leading Fortune 500 corporations, governments, and not-for-profits across the globe. Booz Allen partners with public and private sector clients to solve their most difficult challenges through a combination of consulting, analytics, mission operations, technology, systems delivery, cybersecurity, engineering and innovation expertise.
Assess adversarial threat-based approaches to expose and exploit government Computer Network Defense (CND) vulnerabilities as a means to identify weaknesses and to improve the security posture and operational procedures used to protect government Information Systems and Computer Networks. Test and validate the effectiveness of clients' IT security posture in accordance with CJCSI 6510.01F, CJCSM 6510.03, and Red Team Evaluation Scoring Matrix (ESM). Work collaboratively as part of a team and assess and determine exploitability of any asset on the DOD enterprise backbone, including Server and Workstation Devices, such as Windows, Unix, and Linux, Network Devices, such as Routers, Switches, and Video Teleconference, Storage Devices, such as Fiber Channel Switches, Network Attached Storage, and Storage Controllers, Applications, such as Web, Database, E-mail, FTP, and SSH, and Security Devices, such as Firewalls, Intrusion Detection Systems, and Web Content Filters. Conduct rapid assessments, including Social Engineering and Penetration testing approaches for vulnerability identification, enumeration, and purposeful exploitation, and to determine the value and effectiveness of a network, system, or application's security configuration.
-3+ years of experience with Cybersecurity vulnerability testing with a focus on Red Team and Penetration test missions
-Experience with using vulnerability scan tools
-Knowledge of DOD enterprise backbone, Server and Workstation Devices, including Windows, Unix, and Linux, Network Devices, including Routers, Switches, and Video Teleconference, Storage Devices, including Fiber Channel Switches, Network Attached Storage, and Storage Controllers, Applications, including Web, Database, E-mail, FTP, and SSH, and Security Devices, including Firewalls, Intrusion Detection Systems, and Web Content Filters
-Top Secret clearance
-BA or BS Degree
-DoD 8570 - IAT II Certification, including CCNA - Security, CISP, GSEC, Security+ CE, or SSCP
-Technical or administrator certification, including Linux+ or equivalent within six months after start date
-Experience with vulnerability scan tools, including ACAS, HP Fortify, OAT Scan, Web Inspect, BurpSuite, CheckMarx, Nessus, AppScan, GitHub, or WebInspect
-Experience in working with DoD STIGs and STIGviewer, SCAP Compliance Checker, and Open SCAP
-Ability to produce briefings and reports for a senior-level audience
-Ability to develop effective working relationships that improve the quality of work products
-Ability to be well-organized and thorough, and to handle competing priorities
-Possession of excellent oral and written technical communication skills
-BA or BS degree in IT, Cybersecurity, or a related field
-IAT III Certification, including CASP CE, CISA, CISSP or Associate, GCED, GICSP, or GCIH
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Top Secret clearance is required.
Integrating a full range of consulting capabilities, Booz Allen is the one firm that helps clients solve their toughest problems, working by their side to help them achieve their missions. Booz Allen is committed to delivering results that endure.
We are proud of our diverse environment, EOE, M/F/Disability/Vet.