|Preferred GIAC Certifications||GPEN, GWAPT, GCIH, GSEC|
|Contact Name||Peter VanBuskirk|
The Senior Penetration Tester provides Penetration Testing and Vulnerability Analysis support to a cabinet level federal agency. They contribute to a team of information assurance professionals working to improve technical security posture.
Daily responsibilities include: Execution of pen testing and vulnerability analysis on web applications, network infrastructure, operating system infrastructures, and virtual environments. Briefing executive summaries and findings to stakeholders. Creating unique exploit code, bypassing AV, and mimicking adversarial threats. Assist in performing analysis and mitigation of security vulnerabilities with personnel throughout the globe. Writing deliverable test reports. Maintaining proficiency in tools, techniques, countermeasures, and trends in computer network vulnerabilities. Mentoring junior and middle level staff members.
- Must possess eight (8) years of substantive IT knowledge and demonstrate hands-on expertise and/or training in areas of emerging technologies. The candidate must have hands-on experience and expertise with ethical hacking, firewall and intrusion detection/prevention technologies, secure coding practices and threat modeling. Be a self-starter with keen analytical skills, curiosity, agility, and adaptability. The ability to work quickly, willingness to work on ad hoc assignments, work independently as needed, strong written and verbal communication skills, and recognizing the importance of being a team player. In addition the candidate must possess the following skill set:
- Able to conduct Penetration Tests and Vulnerability Analysis using Automated and Manual TTPs.
- Have an understanding of common Web Application vulnerabilities like SQLi, XSS, CSRF, and HTTP Flooding.
- Must be able to use at least two of the following proficiently and instruct others on them: Nessus, Burp Suite, Metasploit Framework/Pro, and the Social Engineering Toolkit.
- Must have solid working experience and knowledge of Windows and Unix/Linux operating system
- Firm understanding of network and system architecture and analysis. Fundamentals of network routing & switching, assessing network device configurations, and operating systems (Windows/*nix)
- Scripting (Windows/*nix), Bash, Python, Perl or Ruby, Systems Programming
- Strong familiarity with at least one of the following: OWASP top 10, PTES and NSA Vulnerability and Penetration Testing Standards.
- Top Secret clearance
- Master’s degree in Computer Science, Information Systems, Engineering, Telecommunications, or similar field
- Certifications preferred but not required: GPEN, GWAPT, OSCP, GSEC, GCIH, GCIA, or other penetration testing certificates