Penetration Tester- Secret Clearance

• Support the Red Cell Team by performing and leading penetration tests to assess the security of customer systems.
• Identify vulnerabilities and develop recommended remediations to satisfy mandated NIST 800-53 security controls.
• Report and demonstrate findings to system owners and engineers.
• Maintain Red Cell infrastructure.
• Develop or modify tools to automate discovery or exploitation., + Networking principles and technologies such as IP routing, TCP/UDP, VPNs, firewalls, NAT, etc.

• Common network protocols such as SSH, FTP, SMTP, SMB, HTTP, etc.
• Operating system principles such as process management, device management, user management, file systems, etc.
• Data processing principles such as encoding, hashing, encryption, etc.
• Scripting and programming languages such as Bash, Python, PowerShell, JavaScript, etc.
• Common application vulnerabilities and exploits such as outdated components,
• permissions mis-configurations, lack of input validation, logging/monitoring failures, etc.
• Common web application vulnerabilities and exploits such as XSS, SQLi, LFI, file uploads, broken authentication mechanisms, etc.
• Active Directory (AD) enumeration and attacks such as kerberoasting, AS-REP roasting, abusing mis-configured privileges, crafting golden tickets, etc.
• Public Key Infrastructure (PKI) and navigating IT environments implementing multifactor authentication.
• Cloud technologies and platforms such as Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), etc.

• Bachelor of Science and 5 years of relevant experience in Cyber/IT, or a Master's of Science and 3 years of relevant experience in Cyber/IT. In lieu of a degree, 4 years of additional IT security or penetration testing experience may be considered.
• Minimum of 2 years with penetration testing experience.
• Possess one of the following certifications, OR be able to obtain before start date:

• CCNA Cyber Ops, CCNA-Security, CEH, CFR, Cloud+, CySA+, GCIA, GCIH, GICSP, SCYBER, Security+ CE, SSCP

• Demonstrated experience with Kali Linux.
• Demonstrated penetration testing tools experience with Nmap, Burp Suite, Metasploit, etc.
• Demonstrated ability in evaluating vulnerabilities, performing root cause analysis, and reporting findings utilizing assessment methodologies such as NIST SP 800-115, Penetration Testing Execution Standard (PTES), Information Systems Security Assessment Framework (ISSAF), OWASP Web Security Testing Guide (WTG), etc.
• Demonstrated ability to lead a penetration test and guide Senior/Junior Penetration Testers.
• U.S. citizenship required.
• An active Secret security clearance.

• Must have the ability to obtain a final Top Secret security clearance., * Active Top Secret or TS/SCI clearance.

• One of the following certifications or an alternate, verifiable certification demonstrating IT security competence:

• CompTIA CASP+
• ISC2 Certified Information Security Professional (CISSP)
• ISC2 Certified Cloud Security Professional (CCSP)
• ISC2 Information Systems Security Engineering Professional (ISSEP)

• One of the following certifications or an alternate, verifiable certification demonstrating practical penetration testing competence:

• Offensive Security Certified Professional (OSCP)
• Offensive Security Certified Professional (OSCP)
• Hack the Box Certified Penetration Testing Specialist (CPTS)
• TCM Security Practical Network Penetration Tester (PNPT)
• GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
• Zero Point Security Red Team Ops II

• Advanced understanding of the following:

• NIST Risk Management Framework (RMF) and the Assessment and Authorization (A&A) process.
• Security principles such as CIA, IAAAA, access control models, risk management, etc.

$112,000.00