Penetration Tester – TS/SCI with Poly
Access Talent Today, LLC
- McLean, VA
Overview of Responsibilities and Duties:
- Plan, coordinate and conduct security assessments for applications, systems and enterprise networks. Proactively identify weaknesses and ensure that devices, applications, services, and systems are designed and implemented to the highest standards and remain resilient to modern threats.
- Conduct engagements that simulate adversarial threats and attacks in a timely manner within approved scopes by taking the vulnerabilities out of the theoretical realm to truly demonstrate the risk with the use of existing tools as well as self-created tools.
- Create and customize exploits and reverse binaries to find security vulnerabilities. Assist with the design, development and recommendation of security solutions or new policies, standards and procedures.
- Establish an excellent trust relationship with the organization and with cyber defenders to ensure acceptable levels of risk are always maintained for the organization.
Minimum Experience & Educational Requirements:
- Bachelor’s Degree in Information Technology, Computer Science, Cybersecurity (equivalent professional experience can be used in lieu of a degree).
- Professional Security Certifications: OSCP/OSCE (Offensive Security Certified Professional/Expert), GXPN (SANS GIAC Exploit Researcher and Advanced Penetration Tester), CRTOP (Certified Red Team Operations Professional), etc.
- 5+ years of InfoSec Experience preferably in penetration testing, red teaming, reverse engineering and vulnerability management.
- 2+ years’ experience within the governmental sector is highly desired.
Experience and knowledge in Security Assessments, required as follows:
- Plan, communicate, coordinate and perform penetration testing, application testing, and security assessments at application, system and enterprise level.
- Develop Rules of Engagement, scoping documents and reports.
- Perform manual penetration tests and validation of vulnerability scan results.
- Develop automation/scripts for replicating vulnerability validation and penetration tests.
- Devises plans and scenarios for various types of penetration tests
- Conducts vulnerability assessments to detect susceptibility to intentional or unintentional intrusion, abuse, or denial of service within systems/networks. Monitors and assesses patch compliance.
- Documents vulnerabilities, relevant exploits, attack capabilities, propagation characteristics and remediations in applicable risk assessment reports.
- Perform information technology security research to remain current on emerging technology trends and develop exploits for disclosed and undisclosed vulnerabilities.
- Contributes to developing and implementing tools for penetration testing and early warning of weaknesses or possible incidents, building on methodologies as promulgated by NIST, ISO, etc., to ensure useful, measurable, and repeatable methods are applied to quantifying risk.
- Selects, installs, and configures security testing platforms and tools or develop tools and procedures for penetration tests
- Performs off-hours work as necessary
- Knowledge and understanding in various disciplines such as security engineering, system and network security, authentication and security protocols, cryptography, and application security
- Prior experience or expertise performing Red team exercises will be a plus
Required hands-on technical experience and knowledge in Penetration Testing, as follows:
- Experience with interpreted or compiled languages: Python, Ruby, Perl, PHP, C/C++, Java, C#
- Experience with various testing tools, such as Kali Linux, Metasploit, Nmap, Nessus, Burp Suite, etc.
- Well versed in system exploits (e.g. buffer overflows, PTH attacks, Windows authentication framework, fuzzing, memory corruption and exploit development, etc.), network exploitation (e.g. VLAN hopping) or web application exploitation
- Familiar with offensive TTPs (Tactics, Techniques and Procedures) including post-exploitation and lateral movement
- Examines malicious software, such as bots, worms, and Trojan Horses. Performs reverse-engineering to assess the threat.
- Expertise in performing advanced exploitation and post-exploitation attacks as part of ethical hacking exercises
- Experience in CTF competitions, CVE research and/or Bug Bounty recognition
- Experience in conducting social engineering focused assessments
- Experience in Web based application/service, wireless and network assessment in enterprise infrastructure
- Experience in reverse engineering, malware analysis, forensic tools and developing signatures for detecting malware presence will be an added advantage.
- Collaboration with respective peer groups to take appropriate action to safeguard company information assets against current and foreseen threats.
- Strong analytical and problem-solving skills to enable effective security incident and problem resolution.
- Ability to work well under minimal supervision.
- Strong team-oriented interpersonal skills, with the ability to interface effectively with a broad range of people and roles, including vendors and IT-business personnel.
Monday, July 27, 2020