Job Description
Description:
This role will be responsible for leading pen testing. This will include scoping and planning pen tests with the development teams and then leading execution of those pen tests. You’ll report findings, produce reports and work with the development and security teams to resolve the issues you and your team members find. Other members of the security team will work with you to assess the overall security and privacy risk of the products you are testing. You’ll stay up to date with the industry’s latest techniques and tools. This role will be testing a variety of products and will be well versed in cloud, client, IoT and hardware penetration testing.
Duties:
- Lead the pen testing engagement planning process, to include conducting scoping and negotiating rules of engagement.
- Oversee and lead the day-to-day execution of penetration tests.
- Assess results of penetration tests and quantify cyber risks. Develop and present relevant, timely, and detailed technical reports for internal technical customers.
- Develop and deliver penetration test executive reports.
- Provide technical leadership and guidance for junior Penetration Testers during all phases of an assessment.
- Participate in the penetration testing team’s customer outreach program to develop and strengthen relationships with other technical teams within the cyber defense organization.
- Lead the day-to-day technical execution of one or more simultaneous cyber penetration tests.
- Lead the penetration testing engagement planning process from a technical perspective, to include conducting scoping, defining objectives, negotiating rules of engagement, testing, reporting and executive communications.
A Sr Penetration Tester shall have the following qualifications:
• Minimum of 8 years of experience in IT security, and 5 years specialized experience in penetration testing.
• Demonstrated experience creating novel, reusable exploits for disclosed and undisclosed vulnerabilities. This experience may also be demonstrated by having one of the following active certifications: Exploit Researcher and Advanced Penetration Tester (GXPN), Offensive Security Certified Expert (OSCE), Offensive Security Certified Professional (OSCP), or Offensive Security Exploitation Expert (OSEE).
• Proficiency in at least one of the following frameworks: Metasploit, Core Impact, Immunity Canvas.
Or other comparable certifications or experience, which must be approved in advance by the Government Program Manager on a case-by-case basis.
Location:
This position may be staffed at the Government’s facilities near Burlington, VT or near Camp Springs, MD, or other locations in the United States with approval by the Government.
*Position is contingent upon award.