Penetration Testing Engineer - Red Team

Alexandria, Virginia, United States

Applications have closed

First Information Technology Services

Designing Information Security Solutions with You in Mind.

View company page

First Information Technology Services (FITS) has been providing Information Security, Cloud Computing Security, and IT consulting services since 2000. FITS consultants perform comprehensive assessments from beginning to end to produce meaningful, actionable reports that fit within an organization's comprehensive risk strategy.  

Program Overview:

First Information Technology Services, Inc. provides cyber security support services to the Telecommunications Information Systems Command (TISCOM), located in Alexandria, VA. Our cyber security team members are expected to perform analysis and applications security support tasks including vulnerability management activities,  across multiple Coast Guard owned and managed systems. In this capacity, they will work with internal and external cyber security stakeholders at CGCYBERCOM, USCG HQ and DHS in maintaining continued system security compliance and operations posture and sustained Authorization to Operate (ATO).

We’re looking for a  Top Secret cleared Security Engineer who wants to take their existing penetration testing, infrastructure engineering, and threat research skills to the next level. The work focuses primarily on building secure infrastructure and performing security assessments on our client’s systems, including penetration testing and evaluation of hardware, software, and web applications.

Essential Duties and Responsibilities

  • Support the virtualization and development of the hosting environment and virtual server infrastructure for security assessments and testing.
  • Execute penetration testing assessments, including identifying and exploiting security vulnerabilities in hybrid infrastructure using the established methodology and tools.
  • Research and stay current with new threats, attack vectors and techniques, risk, and cloud security trends.

Required Qualifications

  • Active Top Secret clearance, minimum Sensitive Compartmented Information (SCI) eligibility
  • DoD 8570 IAT-II Certified, in addition to at least one of the following technical certifications:
    • CEH, PenTest+, CySA+, CFR
  • Experience in application/infrastructure vulnerability assessments and remediation
  • Experience with penetration testing using tools, including Burp Suite Professional/Enterprise, Kali Linux, Metasploit, NMAP, Cobalt Strike, Nikto, SQLMAP, ZAP, Censys, Masscan, SpiderFoot, etc.
  • Experience with manually exploited web application weaknesses consisting of Cross Site Scripting (XSS), XML External Entity (XXE), SQL Injection (SQLi), Cross Site Request Forgery (CSRF) and information disclosures
  • Familiarity with building, deploying, maintaining, and troubleshooting virtual machines using tools and virtualization platforms such as VMWare, oVirt, and ESXi
  • Familiarity with command line interface of multiple operating systems, such as Windows, macOS, Linux
  • Knowledge of fundamental penetration testing methodology and ability to test for OWASP Top 10 Vulnerabilities

Preferred Qualifications

  • Working knowledge of exploit development
  • Experience with scripting/programming, e.g., Python, PowerShell, HTML
  • Experience with ticketing systems (Remedy)
  • Active involvement in security community, e.g., participating in CTF competitions, bug bounties, or developing open-source tools

Tools/Systems:

  • DoD Host Based Security System (HBSS)
  • Assured Compliance Assessment Solution (ACAS)
  • Tanium
  • Continuous Monitoring and Risk Scoring (CMRS)
  • Joint Incident Management System (JIMS)
  • Enterprise Mission Assurance Support Service (eMASS)
  • DHS Information Assurance Compliance System (IACS)

Location: 80% Onsite at TISCOM, Alexandria (4 days onsite, 1 day remote)

This is not a fully remote opportunity.

 

First Information Technology Services, Inc. believes that a well-rounded compensation package helps teams members thrive in their work and home life. FITS proudly invests in benefits for its employees, covering 100% of health, dental, and vision coverage for employees and their dependents, paid time off, holidays, matching 401(K), short/long term disability, and parental leave. FITS also provides up to $5,000 annually for professional development, including reimbursement of job-related training classes, seminars, tuition, and certification expenses. 

FITS is an Equal Opportunity Employer and prohibits discrimination and harassment of any kind. FITS is committed to the principle of equal employment opportunity for all employees and to provide employees with a work environment free of discrimination and harassment. All employment decisions at FITS are based on business needs, job requirements, and individual qualifications, regardless of race, color, ethnicity, age, religion or belief, sex, sexual orientation, gender identity and/or expression, national origin, family or parental status, disability, military or veteran status, or any other status protected by the laws or regulations in the locations where we operate. 

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Tags: Burp Suite CEH Clearance Cloud Cobalt Strike Compliance CSRF CTF DoD DoDD 8570 Exploit Kali Linux MacOS Metasploit Monitoring Nmap OWASP Pentesting PowerShell Python Red team Scripting Security assessment SQL SQL injection Strategy Threat Research Top Secret Top Secret Clearance VMware Vulnerabilities Vulnerability management Windows XML XSS

Perks/benefits: Career development Health care Parental leave Team events

Regions: Remote/Anywhere North America
Country: United States
Job stats:  52  6  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.