Remote Penetration Testing (RPT) is a thorough assessment of a customer’s external-facing infrastructure. It includes, but is not limited to, a very thorough, hands-on web application test, security tests against internet-accessible network assets, phishing payload testing, and open source intelligence gathering. At the conclusion of the assessment, the customer is provided a report with any external vulnerabilities found. RPT uses a dedicated remote team to assess and identify vulnerabilities and to work with customers to eliminate exploitable pathways. RPTs are similar to Risk and Vulnerability Assessments but focus only on externally accessible systems, with a tradeoff made for more service capacity at the expense of assessment scope.
- Knowledge of script writing and crafting of payloads
- Knowledge of database operations and system/network administration
- In-depth knowledge and understanding of the operation of assessment tools (including but not limited to Metasploit, Nmap, Burp Suite, PowerSploit, and Cobalt Strike)
- Ability to operate in a critical fashion in dynamic environments
- Knowledge of FISMA and NIST 800 series standards
- In-depth knowledge of network mapping, vulnerability scanning, penetration testing, and Web Application testing
- In-depth knowledge of the procedures of Phishing Assessments, Wireless Assessments, Operating System Security Assessments, and Database Assessments
- Bachelor's Degree and 2-3 years’ work experience or equivalent experience
- At least one related industry certification (OSCP, OSCE, GPEN, GXPN, or equivalent)
- Experience with coordinating assessment equipment, including ensuring images on assessment equipment are up to date, equipment transport, setup and tear-down of equipment on-site, and general maintenance
- Experience operating assessment tools in accordance with VM Assessment Standard Operating Procedures
- Experience developing documentation and reporting (e.g., assessment report)
- US Citizen with ability to obtain a Public Trust