Penetration Tester, Senior
Booz Allen Hamilton has been at the forefront of strategy and technology for more than 100 years Today, the firm provides management and technology consulting and engineering services to leading Fortune 500 corporations, governments, and not-for-profits across the globe. Booz Allen partners with public and private sector clients to solve their most difficult challenges through a combination of consulting, analytics, mission operations, technology, systems delivery, cybersecurity, engineering and innovation expertise.Penetration Tester, Senior
Work in a challenging environment that combines technical security operations talent with business consulting skills to deliver industry leading IT security testing services. Join a team of security enthusiasts that perform cutting-edge research and promote an environment of innovation and knowledge-sharing. Lead enterprise and system focused network and application penetration test and red team engagements for a wide variety of clients, including federal government and commercial clients across multiple market sectors, working with a team of 10+ seasoned security testing professionals to enhance existing services offerings and security testing capabilities. Conduct hands-on technical testing beyond automated tool validation, including full exploitation and leveraging of access within multiple environments, such as Windows or *nix, conduct scenario-based security testing or red teaming to identify gaps in detection and response capabilities of client networks, and develop comprehensive and accurate reports and presentations for both technical and executive audiences. Communicate findings and strategy to client stakeholders, including technical staff, executive leadership, and legal counsel. Apply security testing and penetration testing techniques and mindset to a wide range of projects. Act as the primary interface and lead for small penetration test teams ranging from one to three additional testers and manage the delivery of staff assignments, as needed.
-7+ years of experience in two or more of the following: network vulnerability assessments, Web application security testing, network penetration testing, red teaming, or security operations or hunt
-Experience with using, administering, and troubleshooting at least two major platforms of Linux, including Ubuntu and Red Hat
-Experience with Windows environments and Active Directory concepts
-Experience with programming at least one of the following: Perl, Python, ruby, bash, C or C++, C#, or Java, including scripting and editing existing code
-Experience with tools, including Nessus, WebInspect, AppDetective, Hailstorm, Metasploit, Burp Suite Pro, Aircrack-ng, and Kismet
-Knowledge of applications, database, and Web server design and implementation
-Knowledge of open security testing standards and projects, including OWASP
-Ability to clearly convey results in formal technical reports and deliver briefings to senior client staff
-Ability to obtain a security clearance required
-Experience with assembly languages, including x86 or reverse engineering
-Experience with wireless LAN security, including 802.11 standards
-Experience with phishing and other social engineering tactics
-Experience with hardware reverse engineering using JTAG or UART
-Experience with physical security assessments, including the use of proxmark3 or similar proximity card spoofing or copying device
-Ability to display enthusiasm for security and technology
-BS degree in Computer Engineering or CS or a technical field preferred
-OSCP, OSCE, or OSWE or SANS Certification preferred
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.
Integrating a full range of consulting capabilities, Booz Allen is the one firm that helps clients solve their toughest problems by their side to help them achieve their missions. Booz Allen is committed to delivering results that endure.
We are proud of our diverse environment, EOE, M/F/Disability/Vet.