Lead Penetration Tester - Top Secret W/ Fs Polygraph

Location: Annapolis Jct, Maryland
Category: Penetration Tester
Travel Required: No
Remote Type: onsite
Clearance: Top Secret w/ FS Polygraph (last poly must be within the past 7 years)
Lead Penetration Tester
A Lead Penetration Tester is needed to join a high performing agile team using the Scaled Agile Framework (SAFe) methodology. The selected candidate will work on a team of cyber Subject Matter Experts (SMEs) who are providing support to a large, complex technical program for preventing, identifying, containing and eradicating cyber threats to networks through monitoring, intrusion detection and protective security services on information systems including local area networks/wide area networks (LAN/WAN), commercial Internet connections, public facing websites, security devices, servers and workstations. She/he will be responsible for the overall security of Enterprise-wide information systems, and will collect, investigate, and report any suspected and confirmed security violations.
Primary Responsibilities

• Perform internal and external pentest against systems to determine vulnerabilities and offer mitigation strategies.
• Perform web app pentests.
• Perform vulnerability risk assessment.
• Perform physical pentests and social engineering.
• Perform cyber incident response as needed for programs.

• Must have experience in web development and programming languages such as Java, XML, Perl and HTML.
• Must have extensive experience performing IT security risk assessments.
• Must have experience performing web app and physical pentests.
• Experience with programming/scripting in Python, Powershell, C, JavaScript, etc.
• Must have experience with or strong familiarity of the following Web Application tools; Burp Suite, Web Inspect, Appdetective.
• Must have experience with or strong familiarity of Kali.
• Must have experience with or strong familiarity of IPS/IDS solutions.

• Must have a strong understanding of the Cyber Kill Chain methodology.
• Must have the ability to effectively collaborate with technical staff and customers when necessary to forming strategies and plan for continuous modernization and legacy integration.
• Must have experience managing multiple projects and quickly and effectively adjusting to shifting priorities and resolving issues.

• BS in a related feild and at least 8 years of relevant experience
• Certifications in one or more of the following areas:
  • GIAC Web Applications Penetration Tester (GWAPT)
  • GIAC Penetration Tester (GPEN)
  • Certified Ethical Hacker (CEH)
  • Certified Information Security Manager (CISM)
  • Certified Web Application Defender (GWEB)
  • Certified Information System Security Professional (CISSP)