This position will work a rotating hybrid schedule in Arlington, VA. WEEK 1 - 2 days onsite, 3 days remote WEEK 2 - 3 days onsite, 2 days remote. This role supports the Penetration Testing (Red Cell) Team. What you’ll do:
Assesses the current state of the customer’s system security by identifying all vulnerabilities and security measures. Helps customer perform analysis and mitigation of security vulnerabilities.
Perform and report on penetration testing of systems including cloud to satisfy the NIST 800-53 CA-8 security control and using methodologies that may include, NIST SP 800-115, Penetration Testing Execution Standard (PTES), and Information Systems Security Assessment Framework (ISSAF).
Stay abreast of current attack vectors and unique methods for exploitation of computer networks.
Provide support to incident response teams through capability enhancement and reporting.
Assist in maintaining Red Cell infrastructure.
Develop or modify tools that automate discovery or exploitation (e.g. bash, Python, JavaScript,powershell).
Qualifications: Required qualifications: To be considered for this position, you must minimally meet the knowledge, skills, and abilities listed below:
A Bachelor of Science degree and 5 to 7 years of experience is required. In lieu of a Bachelor's degree, 4 years of additional experience may be substituted
US citizenship required with the ability to obtain interim Top Secret security clearance before starting.
Must be able to work a hybrid schedule.
Basic understanding of networking and security principles.
Familiar in evaluating system security configurations.
Understand common Web Application vulnerabilities like SQLi, XSS, CSRF, and HTTP Flooding.
Experience with penetration testing tools such as Metasploit, Burp Suite, Nmap, etc.
Fundamentals of network routing & switching and assessing network device configurations
Familiarity in evaluating findings and performing root cause analysis.
Ability to work alone or in a small group.
Preferred Qualifications Candidates with these preferred skills will be given preferential consideration:
Possess Sec+, Net+, CEH or other Penetration Testing or Security based certifications