Overview Job Title: Security Tester Location: Springfield, VA (100% telework currently) Clearance: Secret Telework: Yes Job Description Foxhole Technology is seeking a Security Tester in support of a Government client. The individual should be capable of cybersecurity testing activities across multiple technologies, assets, and networks. The effort requires testing of operating systems, databases, network fabric assets, web applications, web services, APIs, source code, and wireless communications. To thoroughly test these sorts of technologies, individuals must be well-versed in vulnerabilities and weaknesses that can affect these assets. Individuals supporting this effort should be cabable of the following: * Maintain and stay current with in-depth technical knowledge of security testing tools in use by the customer and testing techniques. * Perform automated security testing, manual validation of automated results, and manual configuration validation of items not covered by automated testing, for assigned area * Make recommendations for updates, additions, and modifications to security policy as gaps or deficiencies in security policy are identified. * Provide recommendations to update existing, or create new, processes and procedures to improve the security testing program. * Engage with testing stakeholders to gather all required information needed to create detailed test plans. * Conduct security testing using the provided automated testing tools in conjunction with manual configuration validation techniques. * Have experience with the following primary tools: SuperScan, NMAP, Nessus Professional, Tenable.sc. Additional supplementary tools are available. * Handle the installation, use, and technical troubleshooting of all security testing tools, to include the creation of any customized configurations within the testing tools to complete testing engagements. * Validate target lists and perform discovery scans of target subnets to determine if assets exist within subnets which have not been identified for testing. * Troubleshoot any technical issues preventing successful completion of testing engagements within the scheduled time allotted for the engagement (ie insufficient credentials, whitelisting not implemented, no network access, etc.). * Validate and enrich results generated by automated testing tools. Example activities include identification of false positive findings generated by testing tools, adjustment of finding severities based on specific considerations within, or associated with, the affected target. * Participate in findings meetings to review and provide input on the validity of operating system stakeholder responses to findings. * Provide Subject Matter Expertise for a variety of topics concerning operating systems in a variety of formats (verbal or written). * Work during non-core business hours, holidays, weekends, and on an as-needed basis in order to support off-hours testing, when required. This is estimated to occur approximately 30 days each year. * Travel on a periodic basis to support remote testing when required. This is estimated to occur five (5) days each month for local sites (ie within fifty (50) miles of HQ), and approximately ten (10) days each quarter to sites further than fifty (50) miles. * Support ad-hoc operating system testing engagements of a non-standard nature as they are identified to provide a benefit to IAD's security testing requirements. * Additional duties as assigned in support of this security testing effort. Minimum Requirements * Direct knowledge of current cybersecurity testing and experience with a variety of tools and environments * At least three (3) years of experience performing security assessments for the targeted technology (Operating Systems, Databases, Network Assets, Web Applications, and Mobile Applications) * At least one (1) year of experience performing security testing of Federal IT systems * Possess a Secret clearance and ability to obtain a TSA EOD More Information