The Risk & Vulnerability Assessment (RVA) Team will perform a two (2) week, seven (7) tiered assessment that provides a wide scope of testing, including, but not limited to, phishing, web application testing, and internal testing. RVA is geared towards testing the security posture of the systems in place and determining the reach and breadth an attacker would have against the target environment. Seven key areas are tested, and the findings are validated and reported. At the end of the two (2) week assessment, the customer is briefed on those findings and their potential impact, in addition to receiving a full report.
- Knowledge of script writing and crafting of payloads
- Knowledge of database operations and system/network administration
- In-depth knowledge and understanding of the operation of assessment tools (including but not limited to Metasploit, Nmap, Burp Suite, PowerSploit, and Cobalt Strike)
- Ability to operate in a critical fashion in dynamic environments.
- Knowledge of FISMA and NIST 800 series standards
- In-depth knowledge of network mapping, vulnerability scanning, penetration testing, and Web Application testing
- In-depth knowledge of the procedures of Phishing Assessments, Wireless Assessments, Operating System Security Assessments, and Database Assessments
- Serves as liaison and coordinates operations between the federal lead and the Level I contract support.
- Serves as Subject Matter Expert for the team and guides operational tempo at the discretion of the Federal Lead.
- Attends and participates in Briefings and Conference Calls with Federal lead before and after assessment, providing technical expertise when required.
- Bachelor's Degree and 5+ years’ work experience or equivalent experience
- At least one related Penetration Testing certification (CEH, eJPT, OSCP, OSCE, GPEN, GXPN, or equivalent).
- Must be willing to travel 25% - 50% per month.
- Experience with coordinating assessment equipment, including ensuring images on assessment equipment are up to date, equipment transport, setup and tear-down of equipment on-site, and general maintenance.
- Experience operating assessment tools in accordance with VM Assessment Standard Operating Procedures
- Experience developing documentation and reporting (e.g., assessment report)
- Desired Qualifications:
- Deep understanding of the methodology associated with penetration testing, such as creating Rules of Behavior, selecting the pen testing team, and having a developed tool kit.
- Cloud experience a plus (AWS or Azure)
- U.S. Citizenship with the ability to obtain Public Trust approval and DHS Suitability (EOD)
- Ability to obtain TS/SCI Clearance