Sr. Penetration Tester

Employer: AboutWeb
Location: Washington D.C.
Posted: Jun 05, 2017
Closes: Jul 04, 2017
Function: IT, QA Engineer
Hours: Full Time

About Web is currently seeking qualified candidates for a Sr. Penetration Tester in Washington, DC.

General Description of Duties:

• Conduct both remote and on-site penetration testing operating within defined rules of engagement.
• Scan web applications and develop tools and techniques for continuous real-time assessment of web applications.
• Provide in-depth analyses of penetration testing results and recommend mitigation strategies.
• Evaluate penetration testing tools and techniques.

The Penetration Tester provides security assessment and testing for a Federal client. The Penetration Tester will analyze systems and applications for vulnerabilities, validate the vulnerabilities, and where possible exploit the vulnerabilities in a controlled and safe manner. The Penetration Tester will also develop recommendations to mitigate the vulnerabilities and will communicate the residual risk. The job also includes developing and maintaining threat models, penetration testing tools, techniques, and procedures.

The individual must have an intimate knowledge of various operating systems, networks, network security, firewalls, security protocols, cryptographic standards, and PKI. Candidates should also have experience with scripting/coding, secure development, and open source security testing methodologies. Candidates should be familiar with NIST 800 series guidance including NIST 800-40 Rev 3, 800-41 Rev 1, and 800-37 Rev 1. Experience in remote and on-site penetration testing, phishing exercises, and intrusion detection is strongly desired.

The position requires 28-30% domestic travel; an ability to work with clients resident in multiple time zones; and a demonstrated capacity to analyze, review, and occasionally apply technology solutions which meet the security control requirements specified by the Department of Energy, FISMA, OMB, and NIST guidance. Superior technical, writing, and presentation skills are required, as well as excellent organizational skills, attention to detail, excellent customer service skills, knowledge of Microsoft Office, the ability to multitask, and excellent written and verbal communication skills. Certified Information Systems Security Professional (CISSP), NSA INFOSEC IAM/IEM, and/or Certified Ethical Hacker (C|EH) certifications are highly desirable.

Security clearance: Must be able to obtain and continue to hold a DOE Q or DOD TS security clearance.