Penetration Tester

Marathon TS is looking for a Penetration Tester to support our government client. The Penetration Tester will:

• Conduct highly complex offensive security operations testing consistent with known adversary tactics techniques and procedures and contribute to the development of objectives and approaches taken to remediate risk.
• Apply sound technical and management principles to identify and remediate cybersecurity --vulnerabilities across the State Department global IT enterprise infrastructure
• Apply organizational and process change principals
• Evaluate system performance results, perform risk assessments, and evaluate performance metrics.
• Responsibilities include:
• Provide ad-hoc penetration testing and assessment services on Department of State systems identified by the leadership.
• Develop, Identify and resolve security vulnerabilities related to deployment and testing processes
• Streamline and optimize processes and procedures in order to rapidly remediate vulnerabilities from cybersecurity threats
• Collaborate with Department and external cyber stakeholders on cybersecurity technology implementations to meet specific operational needs.
• Perform technical evaluations of recommended vulnerability mitigation actions and make recommendations based on impact and/or other countermeasures.
• Develop strategies for CIC cyber defense technologies, ensuring integration and alignment for continued operation.
• Conduct assessments of threats and vulnerabilities; determine deviations from acceptable configurations, enterprise, or local policy; assess the level of risk; and develop and/or recommend appropriate mitigation countermeasures in operational and non-operational situations
• Network Mapping include but are not limited to a network map of the organization's system that includes a visual representation of the organization's physical devices and digital network.
• Perform operation and maintenance activities in support of existing CIC cyber tools and technologies (MSV, Qualys, Tenable Nessus and others).
• Identify, diagnose, and prioritize anomalies in cyber defense infrastructure and resources.
• Perform cybersecurity testing of developed applications and/or systems. Identify and direct the remediation of technical problems encountered during testing and implementation of new systems.
• Document security issues and impacts identified through offensive operations in a clear and concise manner to facilitate reporting to impacted stakeholders.

• 4 years Microsoft Operating Systems (OS) engineering and support experience focusing on Active Directory (AD), System Center Configuration Manager (SCCM), System Center Operations Manager (SCOM)
• 4-6 years Network penetration testing experience
• In-depth experience in planning, implementing, and managing large/global enterprise infrastructures
• Familiarity of various analytical tools (Splunk, USBDeview, Netwitness, MimiKatz)
• Understanding of Security Information and Event Management (SIEM) tools (Splunk, McAfee)
• Familiarity of Cobalt Strike, Nessus, Kali Linux, Burp Suite, Nmap and OpenVAS for databases
• Knowledge of general attack stages
• Skill in the use of social engineering techniques and using penetration testing tools
• Familiarity with OMB, NIST, Client, and related security guidelines and directives
• Interpersonal skills including the ability to collaborate effectively, and excellent written and oral communications
• Network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
• Server/endpoint OS (Microsoft, Linux, IOS) along with mobile and cloud technologies.
• Cloud application security, Vulnerability Management and Security Information, and Event Management capabilities.
• Knowledge of identity and access management solutions (MFA, PKI, SAML, etc.)
• Countermeasures / mitigations to identified cybersecurity risks.
• Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration Protocol (DHCP), domain name system, and directory services
• Ability to generate and implement capabilities to monitor organization's network in real-time
• Ability to provide Vulnerability Scanning Risk Assessment
• Information protection technologies (e.g., firewalls, antivirus, threat protection, servers, routers, and others as appropriate).
• Ability to identify and exploit web vulnerabilities (XSS, CSRF, SQLi, SSRF, arbitrary file upload, etc.)
• Ability to identify and exploit mobile vulnerabilities (API issues, insecure storage, memory corruption, deep links, etc.)