Senior Penetration Tester

$119,000 - $145,000/Yr

SkyePoint Decisions - Arlington, VA

posted 3 months ago

Full-time - Mid Level
Arlington, VA
Professional, Scientific, and Technical Services

About the position

SkyePoint Decisions is seeking a Penetration Tester to support the Diplomatic Security Cyber Mission (DSCM) program. This role involves leading penetration tests to assess the security of customer systems, identifying vulnerabilities, and developing remediation strategies. The position requires collaboration with a team of cybersecurity professionals to enhance the cybersecurity infrastructure and ensure the protection of sensitive data against various threats. The role operates on a hybrid schedule in Arlington, VA, with a mix of onsite and remote work.

Responsibilities

  • Support the Department of State Red Cell Team by performing and leading penetration tests.
  • Identify vulnerabilities and develop recommended remediations to satisfy mandated NIST 800-53 security controls.
  • Report and demonstrate findings to system owners and engineers.
  • Maintain Red Cell infrastructure.
  • Develop or modify tools to automate discovery or exploitation.

Requirements

  • Bachelor of Science and 9 years of relevant experience in Cyber/IT, or a Master of Science and 7 years of relevant experience in Cyber/IT.
  • In lieu of a degree, 4 years of additional IT security or penetration testing experience may be considered.
  • Minimum of 5 years of penetration testing experience.
  • Possess one of the following certifications, OR be able to obtain before start date: CASP+ CE; CCNA Cyber Ops; CCNA-Security; CCNP Security; CEH; CFR; CISA; CISSP (or Associate); Cloud+; CySA+; GCED; GCIA; GCIH; GICSP; SCYBER.
  • Demonstrated experience with Kali Linux.
  • Demonstrated penetration testing tools experience with Nmap, Burp Suite, Metasploit, etc.
  • Demonstrated ability in evaluating vulnerabilities, performing root cause analysis, and reporting findings utilizing assessment methodologies such as NIST SP 800-115, PTES, ISSAF, OWASP WTG.
  • Demonstrated ability to lead a penetration test and guide Senior/Junior Penetration Testers.
  • U.S. citizenship and an active Secret security clearance.

Nice-to-haves

  • Active Top Secret or TS/SCI clearance
  • One of the following certifications or an alternate, verifiable certification demonstrating IT security competence: CompTIA CASP+, ISC2 CISSP, ISC2 CCSP, ISC2 ISSEP.
  • One of the following certifications or an alternate, verifiable certification demonstrating practical penetration testing competence: OSCP, CPTS, PNPT, GXPN.
  • Advanced understanding of NIST RMF and the A&A process.
  • Security principles such as CIA, IAAAA, access control models, risk management, etc.
  • Networking principles and technologies such as IP routing, TCP/UDP, VPNs, firewalls, NAT, etc.
  • Common network protocols such as SSH, FTP, SMTP, SMB, HTTP, etc.
  • Operating system principles such as process management, device management, user management, file systems, etc.
  • Data processing principles such as encoding, hashing, encryption, etc.
  • Scripting and programming languages such as Bash, Python, PowerShell, JavaScript, etc.
  • Common application vulnerabilities and exploits such as outdated components, permissions misconfigurations, lack of input validation, logging/monitoring failures, etc.
  • Common web application vulnerabilities and exploits such as XSS, SQLi, LFI, file uploads, broken authentication mechanisms, etc.
  • Active Directory enumeration and attacks such as kerberoasting, AS-REP roasting, abusing misconfigured privileges, crafting golden tickets, etc.
  • Public Key Infrastructure (PKI) and navigating IT environments implementing multifactor authentication.
  • Cloud technologies and platforms such as AWS, Microsoft Azure, GCP.

Benefits

  • Several insurance options including HMO and High Deductible plans with Health Savings Accounts [HSAs], Flex Spending Accounts [FSAs], Full Dental Plans, ST/LT Disability, Life Insurance.
  • Floating federal holiday options.
  • 401k matched.
  • Certificate Incentive Program to promote professional development.
  • Flexible Work Environment.
  • PTO.