Get more qualified candidates and reduce your costs with our guaranteed recruiting solutions

Talk to an expert today

2689 - Penetration Tester

Linthicum, Maryland
TS/SCI

OVERVIEW:

This Attack Emulation Team (AET) Team Operator position supports the Customer and participates as a team member to deliver AET services and to address stakeholder needs in the context of AET services.  The AET Assessment team Operator Role leads the penetration test part of the assessment. They are responsible for developing the testing results appendix of the report. They may also contribute to other portions of the assessment report. As needed, the OP supports the Technical Exchange Meeting or other meetings.

The AET Operator will participate with the AL, TL in the planning phase of the AET Assessment activities.  They will apply technical and professional skillsets to lead the Technical Exchange Meeting (TEM) and support the scoping section of the Technical Exchange Meeting (TEM) which consists of interviews with individual or group SMEs to complete the Rules of Engagement (ROE) activities, achieve clarification, or lead to the location of evidence.  They communicate and share information gained during the TEM with the entire assessment team.  They work directly with the AL, TL and organization POC to successfully plan and execute the assessment, as well as notify and support the assessment services.  They participate in assessment activities and perform the adversarial emulation testing tasks assigned by the AL, TL.  Participate in the post-execution out brief to the POC and SMEs, to present preliminary observations as a result of the TEM.  Contribute to the draft of the AET Assessment reports.  Identify potential improvements to the target organization security posture that are related to organizational system(s) use and interconnections, as well as identifying strengths and weaknesses in incident management capabilities that are applicable to protecting and sustaining the organizational system(s).

REQUIRED QUALIFICATIONS:

  • BS 10-12, MS 8-10, Phd 5-7
  • Experience and familiarity with the assessment methods defined in NIST SP 800-30 Rev. 1 and NIST SP 800-53A Rev. 4 (interview, examine, and test)
  • Experience in drafting written reports
  • Extensive experience in reviewing and examining data and information that supports cybersecurity assessments
  • Experience in pen testing fundamentals
  • Experience in Kali Linux and its toolsets, including Metasploit
  • Experience in pen testing tools including scanners like Nessus and Nmap
  • A minimum of three years of the following experience:

          - Performing authorized pen testing on enterprise networks;

          - Gaining access to targeted networks;

          - Applying expertise to enable new exploitation and maintaining access;

          - Obeying appropriate laws and regulations;

          - Providing infrastructure analysis;

          - Performing analysis of physical and logical digital technologies;

          - Conducting in-depth target and technical analysis;

          - Creating exploitation strategies for identified vulnerabilities;

          - Monitoring target networks; and

          - Profiling network users or system administrators and their activities

DESIRED QUALIFICATIONS:

  • One or more nationally recognized information system auditing certifications, for example

         - OSEP (Offensive Security Experienced Penetration Tester)

         - OSCP (Offensive Security Certified Professional)

         - GXPN (GIAC Exploit Researcher and Advanced Penetration Tester)

         - GPEN (GIAC Certified Penetration Tester)

         - LPT (Licensed Penetration Tester)

CLEARANCE:

  • TS/SCI minimum
Apply for job