Penetration Tester

CVP is an award-winning healthcare and next-gen technology consulting firm recognized for excellence and innovation in the solutions we provide our clients across healthcare, national security, and the public sector. We are seeking a Penetration Tester to join our team of experts tasked with securing the critical networks and systems our clients depend on.

• Perform security assessments and penetration testing in accordance with the Information Security Center (ISC) Security Assessment Methodology and the USDA Rules of Engagement for the Operational Security Assessment Penetration Testing.
• Update the ISC Security Assessment Methodology, including Penetration Testing and Web Security Assessment, and the USDA Rules of Engagement for the Operational Security Assessment Penetration Testing (as required) to address inclusion of Web Security Assessments and supporting details.
• Perform Web Security Assessments (Web Server and Applications) in accordance with Federal and Departmental regulations as well as best practices and guidelines, e.g. NIST, DISA STIGs, Open Web Application Security Project (OWASP) Top Ten.
• Evaluate whether respective IT infrastructures, networks, web services, systems, information, and business are adequately secured and provide recommendations to resolve and/or mitigate findings.
• Conduct analysis of an agency’s information architecture, develop a threat profile for the agency’s security components, or its layers and sub-layers of security.
• Identify threats and vulnerabilities based on the information technology associated with an agency’s business.
• Examine and evaluate the agency’s operational security policies, procedures, and systems through the performance of technological reviews.
• Identify strengths, vulnerabilities, and overall security posture of the agency, whether the agency’s IT architecture is adequately secured and in compliance with current security directives.
• Identify and evaluate attacker tools and methods.
• Individually develop and map identified threats to each asset within an agency.
• Develop a master list of threats or “findings.”
• List all findings the assessment has identified and determine which of the findings should be dealt with and mitigation priority.

• Must be eligible to obtain a Public Trust government security clearance (US Citizenship required).

• 4-year college degree in Computer Science or related field and 2 years of experience. 5 years of experience accepted in lieu of a college degree.

• At least 5 years of security experience, including at least 2 years directly engaged with penetration testing activities.

• Excellent communication skills, both written and oral.
• Certified Ethical Hacker (CEH) certification or any of the certifications listed below.
• Knowledge of NIST and FISMA guidelines.
• Experience in the use of penetration testing tools and techniques, such as Burp Suite Pro, IBM AppScan, HP WebInspect, CoreImpact, Kali Linux, Nessus, Nmap.
• Experience in the use of social engineering techniques. (e.g., phishing, baiting, tailgating).
• Experience in using network analysis tools to identify vulnerabilities. (e.g., fuzzing, Nmap).

• One or more of the following certifications:
  • Global Information Assurance Certification (GIAC).
    • GCIH: GIAC Certified Incident Handler.
    • GPEN: GIAC Penetration Tester.
    • GWAPT: GIAC Web Application Penetration Tester
    • GXPN: GIAC Exploit Researcher and Advanced Penetration Tester
    • GMOB: GIAC Mobile Device Security Analyst
    • GAWN: GIAC Assessing and Auditing Wireless Networks
    • GPYC: GIAC Python Coder
    • GEVA: GIAC Enterprise Vulnerability Assessor
  • Offensive Security Certified Professional (OSCP).
  • CISA AES RVA course.

Location: This position is located in the DC Metro Area. The role is 100% remote with local travel to USDA office locations in the DC Metro Area.