A penetration tester (pen testers) will try to break into or identify vulnerabilities in different systems and software. Pen testers are expected to run a number of tests, and fill out assessment reports about what they have discovered. They will run both pre-determined types of tests and design, develop and implement their own.
The Tester will work with the Lead Pen Tester and our SEC client to determine penetration test and vulnerability assessment objectives. Various application and server environment, social engineering and phishing campaigns will be performed during the engagement. We are looking for candidates who are highly organized, can work independently in a fast-paced environment and produce multiple quality deliverables within defined deadlines. Candidates should be self-starters and creative problem solvers and have the flexibility to learn new products and technologies quickly.
CLEARANCE(S) REQUIRED FOR CONSIDERATION
Applicants must qualify for an SEC clearance to be considered for employment.
The tester will perform their duties from the SEC Headquarters in Washington DC.
Travel is not necessary.
WORK EXPERIENCE REQUIREMENTS
Minimum of 5 years performing security testing and vulnerability assessments. Additionally, the candidate should:
· Have a strong understanding of the Ethical Hacker processes and procedures in a high security environment.
· Have a strong understanding of FISMA, and the NIST 800 series of documents, particularly 800-53 and 800-37
· Have an ability to communicate effectively, verbally and in writing, to interact effectively with internal and external vendors, project team members, management and agency departments, to build relationships and use facilitation skills with both technical and non-technical personnel
· Have an ability to write, edit, and prepare graphic presentations of technical information for both technical and business personnel Organize and write supporting documents/artifacts describing penetration testing and vulnerability assessment activities (including detailed rules-of-engagement documents and step-by-step procedures)
· Have the ability to create documentation on specific remediation steps to close vulnerabilities or mitigate risk to acceptable levels
· Have the ability to create documentation that can readily to be added to Agency procedures
· Have the ability to revise documents and artifacts as tactics and technics evolve to address new and emergent threats and trends
Four year college degree or Associate’s degree and two years of professional experience