Penetration Tester
$81,000 - $140,000/Yr
Alpha Omega - Vienna, VA
posted about 2 months ago
Full-time - Mid Level
Remote - Vienna, VA
251-500 employees
Merchant Wholesalers, Durable Goods
About the position
The Penetration Tester will join Alpha Omega's cybersecurity team to support federal customers by identifying and addressing cyber vulnerabilities. This role involves conducting penetration tests on various systems, particularly focusing on AI applications, and providing detailed reports on findings and remediation strategies. The position requires collaboration with system administrators and information system security officers (ISSO) to ensure effective remediation of identified vulnerabilities.
Responsibilities
- Conduct penetration testing using approved tools and best practices
- Test AI models and applications, including GenAI models and applications
- Collaborate with Policy team members to develop technical standards for testing AI models and applications
- Create detailed reports including the findings and suggested remediations
- Perform security research to remain current on emerging technology trends
- Conduct risk-based assessments based on penetration testing findings and brief the same to senior leadership
- Review and suggest changes to Rules of Engagement to ensure outcome provides desired results
- Work with system teams and ISSOs on understanding of findings and remediation guidance
- Manage and support development of pen testing SOPs
- Design scenarios for testing based on TTPs used by threat actors
Requirements
- No degree: 9 years relevant experience
- Bachelors: 5 years relevant experience
- Masters: 3 years relevant experience
- Experience with packet analysis
- Familiarity with standard web security vulnerabilities (e.g., SQL injection, XSS, CSRF)
- Skills in network-level security testing to assess
- Experience with hardening and remediation
- Experience conducting code reviews to identify risks & weaknesses
- Team-player that can effectively collaborate and communicate with cross-functional stakeholders
- Excellent written and verbal communication skills
- Experience documenting assessment findings and explaining risks to system stakeholders, including senior leaders
- General understanding of cloud environments and API security
Nice-to-haves
- 3+ years using Standard penetration testing suites (Metasploit, nmap, burp suite, KaliLinux, etc.)
- Familiarity with common types of AI models (e.g., supervised, unsupervised, reinforcement learning) and their specific vulnerabilities
- Working proficiency in Python an asset
- Familiarity of AI-related cybersecurity threats (Data poisoning, model tampering, extraction, etc.) and methods to test for model vulnerabilities
- Perform work after-hours as testing requires
- Familiarity with MITRE ATT&CK framework
- Working knowledge of various enterprise technology stacks used to build applications in the cloud
- Working knowledge and experience in AWS and Azure GovClouds
Benefits
- PTO including paid parental, military, and bereavement leave
- Eleven (11) paid Federal holidays, five of which are floating holidays
- Health and Dental Insurance (including 100% employer paid premiums for employee coverage under the HDHP health plan)
- Life Insurance, STD/LTD term disability coverage, with employer paid premiums
- 401 (k) plan with a match that is 100% vested after you complete two years of service
- FSA/DFSA/HSA flexible benefit plans
- Annual Tuition & Professional Development Reimbursement benefit
