Position Title: Penetration Tester (Senior)
Location: Woodlawn, MD
- 7+ years of IT experience with increasing levels of management and supervision responsibilities, up to teams of five, to include 4+ years of experience in either information security, development, or system/network administration.
- Bachelor’s degree in an IT related field or equivalent education or work experience.
- Programming experience with focus on development, security, or process automation
- Working knowledge of TCP/IP ports and protocols
- Working proficiency with Windows and UNIX operating systems
- Working knowledge of firewalls, routing, switching, and other network security products
- Familiarity with web proxy tools such as Burp, ZAP, and Fiddler
- Experience looking for security issues such as Cross Site Scripting, SQL Injection, Cookie Manipulation, Buffer Overflows, etc.
- Familiarity with penetration testing tools and tool suites such as Burp Suite Pro, Kali Linux, Nmap, Metasploit, Nessus, tcpdump, Wireshark, and Nikto.
- Excellent written and oral communication skills. Must be able to document security deficiencies write Security Assessment reports, Standard Operating Procedure documents, etc.
- Self-motivated and able to work in an independent manner
Additional Experience Preferred:
- Expertise in at least one related functional area (network security, reverse engineering, programming, databases, mainframes, web applications, etc.).
- Application/Systems development experience.
- An In-Depth familiarity with Linux, MS Windows, or both.
- Database administration, device configuration hardening and compliance verification experience.
- Familiarity with programming/scripting in multiple languages (Python and PowerShell a plus).
- Advanced degree in an IT related field a plus.
- Knowledge of applied cryptography.
- Familiarity with XML, SOAP, and Ajax.
- Ability to conduct source code reviews.
- Familiarity with Open Web Application Security Project (OWASP), National Institute of Standards and Technology (NIST) Special Publications, and Open Source Security Testing Methodology Manual (OSSTMM).
- Offensive Security certifications (OSCP, OSCE, etc.), GIAC certifications (GPEN, GWAPT, GXPN, etc.), or technology specific certifications (MCSE, LPIC, CCNA, etc.) a plus.
- Manage and mentor up to five junior and mid level penetration testers.
- Actively participate in five scheduled penetration tests per week, providing assistance to junior and mid level penetration testers.
- Provide technical guidance to all penetration testers.
- Validate findings discovered by junior and mid lelvel penetration testers.
- Ensure all findings are properly documented and submitted to team lead.
- Track all findings to closure and retest findings to ensure proper closure.
- Conduct network and web-based application penetration tests.
- Provide advisement on countermeasures to mitigate threats.
- Identify security deficiencies and determine the efficacy of security controls design and implementation.
- Provide vulnerability to exploit mapping.
- Conduct physical security assessments and wireless security assessments as required.
- Develop subject matter expertise of focused capabilities in the topics of network security, database security, wireless security, or application and development security.
- Perform IT security research to remain current on emerging technology trends and develop exploits for disclosed and undisclosed vulnerabilities.
- Simulate internal lateral movement activities observed in successful attacks from known adversaries.