Job #: 2571
Title: Penetration Tester – Arlington, VA
Responsibilities:
• Build out a comprehensive testing framework which combines internal and external testing vulnerability sources, security tools and vendor capabilities.
• Collaborate with software development, system engineering and architect peers to continually improve system design, implementation and operations
• Configure, run and monitor automated security testing tools
• Perform manual validation of vulnerabilities
• Perform manual penetration testing of client systems, web sites and networks to discover vulnerabilities
• Thoroughly document exploit chain/proof of concept scenarios for internal client consumption
Qualifications:
EXPERIENCE:
• A degree or certificate in management information systems, security, mathematics, computer science or related field or 7+ years of relevant information security experience
• Working with technical security controls
• Programming experience in Python, PHP, Perl, Ruby, .NET or other interpreted or compiled languages
• Familiarity with vulnerability assessment and penetration testing best practices
• Experience with vulnerability and penetration testing techniques and tools
• Desire to obtain one or more security-related certifications such as Certified Information Systems Security Professional (CISSP), GIAC Penetration Tester (GPEN), GIAC Certified Incident Handler (GCIH), Offensive Security Certified Expert (OSCE), and Offensive Security Certified Professional (OSCP)
• 4+ years of application security penetration testing experience.
• Experience testing web and mobile platforms.
• Development experience, working knowledge of Java.
• Excellent analytical and debugging skills.
• Excellent communication skills
TECHNICAL SKILLS:
The ideal candidate should possess a detailed knowledge of one or more of the following technologies:
• Security testing tools including Metasploit, Nmap, Nessus, Burp Suite, OWASP ZAP Proxy.
• Linux operating systems
• Microsoft technologies
• Mobile application programming and/or security testing
• Wireless technologies
• Web application technologies
• Network implementation (operational and security)
• Social engineering
• Physical security
• Source code analysis software
• Intermediate to advanced Microsoft Office Suite (i.e., Word, Excel, PowerPoint)
EDUCATION:
• A degree or certificate in management information systems, mathematics, computer science or related field or 7+ years of relevant information security experience