Senior Penetration Tester - Fedramp

This position is "WORK FROM HOME" but the hired candidate MUST be able to professionally visit the Virginia office if needed.

The ideal candidate for our penetration testing team will thrive on collaboration, learning, and teaching. The candidate should have a firm understanding of how to apply the latest vulnerabilities and exploitation techniques in circumstances and expertise in performing penetration testing in complex and diverse computing and communications environments. Experience with cloud environments, mobile application testing, and testing automation is highly desirable.

Responsibilities:

Leadership

• Independently lead penetration testing engagements with minimal guidance from leadership while providing thorough direction to team members.
• Promote an inclusive, trusting team environment by sharing best practices while helping the team reach consensus decisions and debriefing lessons learned.
• Collaborate effectively within dynamic teams and across multiple customer organizations with diverse personalities and expertise on complex issues.
• Effectively work with colleagues to develop staff technical skills that solve complex client problems, ensuring knowledge across teams or capability offerings.
• Communicates expectations for comprehensive quality standards conducts quality assurance reviews of penetration test methods and reports to confirm high quality, client-ready deliverables.
• Adheres to projects/tasks, scheduling, and scope by monitoring penetration test execution and reporting that thoroughly breaks down and explains weaknesses and vulnerabilities, their attack vectors, and remediation steps in a clear, concise, and timely manner.

Subject Matter Expertise

• Advanced knowledge of two or more types of testing, to include Network, Web Applications, Application Program Interfaces, Mobile Applications; Client-Side Applications; Wireless; Social Engineering; Phishing; Physical Penetration; Satellite and Ground Stations; Unmanned Aircraft; ICS; and IOT.
• Have an understanding of one or more of the following security testing standards: FedRAMP, PCI-DSS, HIPAA, FISMA, and NIST.
• Advanced knowledge of commonly used penetration testing tools, such as Nessus, Retina, SAINT, Qualys, AppDetective, SecureSphere, WebInspect, AppScan, Burp Suite, NMAP, Metasploit, and Cobalt Strike.

Innovation

• Spearhead the development of new and updated documented playbooks, processes, and procedures for penetration testing and tools.
• Identify and work with leadership on new capabilities that create new or emerging market space.
• Develop and implement custom automation for full attack life-cycle testing execution capabilities.

Research and seek opportunities to leverage new tools or processes that bolster the ability to analyze, disassemble, and reverse engineer vulnerabilities.

Experience and Skills

A Bachelor’s degree is preferred. However, years of relevant work experience will be considered.

Must have a minimum of 5 years of IT, Cybersecurity, or Consulting work experience.

Maintain two or more of the following security or technology certificates: OSCP, OSWE, OSEP, OSEE, GXPN, CEPT, LPT, GPEN, GWAPT amd CMWAPT, CRTOP, or equivalent.

Excellent communication skills, both written and verbal with strong presentation skills.

Ability to translate technical materials and issues into non-technical/layman terms.

Apply attention to detail, accuracy, and thoroughness in all work products.

Able to work well with others (team-player) in a collaborative manner.

Can work under minimum supervision and a self-starter.

Can lead interactions with clients with high-level of professionalism.

Must be able to successfully manage multiple tasks.

Serve as mentor to junior Security Consultants on best practices.