Evolver Federal is looking for a Penetration Tester to join our team on a large Security Operations program with our Federal client located in Washington, DC. The Penetration Testing team (Red Team) models real-world attacks against an organization, challenging its defenses against electronic, physical, and social exploits through the use of penetration testing and other means. The Red Team goes beyond "black box" testing and may include engagements that are designed to identify gaps in security practices and controls that are not readily apparent from conducting standard technical tests; these tests may also include information and direction from Hunt Team scenarios. The Red Team testing focuses on identifying potential damage that a determined, directed attacker could accomplish, and it should serve as a tool to train defenders on identifying real indicators of active attacks. Red Team testing begins with the collection of target data, which is analyzed for potential technical, physical, and social vulnerabilities, and then exploits are then selectively executed to gather more information and control of target assets.
This role is a Hybrid role with work 2-3 days a week at a Federal Site in Downtown Washington, DC
Responsibilities:
- Provides knowledge in computer and network forensics.
- Conducts vulnerability assessments/penetration tests of information systems.
- Develops, researches, and maintains proficiency in tools, techniques, countermeasures, and trends in computer and network vulnerabilities, data hiding, and encryption.
- Applies fundamental concepts, processes, practices, and procedures on technical assignments. Performs work that requires practical experience and training.
- Establish, update or modify, and maintain all Red Team and penetration testing plans and procedures
- Coordinate, with all stakeholders, all actions associated with the penetration test lifecycle.
- Continually develop, maintain, and optimize all program documentation related to Penetration Testing based upon innovation, industry techniques, policies, laws, and regulations. Documentation includes, but is not limited to Concept of Operations, Guidelines, and Standard Operating Procedures
- Develop, Maintain, Optimize, and make available to appropriate staff, a centralized mechanism for activity tracking penetration testing projects and Red Team activities
- Create, coordinate, obtain approval, and maintain all documentation that supports a penetration testing program
- Conduct penetration tests per the approved operating procedures and rules of engagement.
- Analyze, map potential vulnerabilities, mapped, provide analysis artifacts and reports for all penetration tests
- Provide vulnerability list to the appropriate organization for subsequent tracking and Plan of Action and Milestones (POA&M) creation
- Develop and follow a testing schedule that includes flexibility to conduct ad hoc tests upon request
- The team shall be required to brief or explain to staff, leadership, and other stakeholders the results of penetration testing activities
- Identify security deficiencies and determine the efficacy of security controls design and implementation
- Provide advisement on countermeasures to mitigate threats
- Provide a basis for evaluating the effectiveness of proposed or implemented security measures
- Provide vulnerability to exploit mapping
- Integrate penetration testing activities with other testing efforts, including but not limited to, vulnerability assessments, threat modeling, event detection evaluation, continuous monitoring tool verification, incident response, and incident reporting compliance
Basic Requirements
- 3 years related experience in Penetration Testing
- US Citizen or Permanent Resident
- Must be able to obtain an agency-specific Public Trust clearance.
Preferred Requirements
- 5 years of relevant experience in Penetration Testing
- Cyber Security Certifications such as Security+CE, CEH, GPEN, or similar