Senior Penetration Test Engineer

Company Overview:

For the past 15+ years, eTelligent Group has consistently delivered excellent services that are demonstrated through our exceptional past performances. As a WOSB, and small business, we have distinguished our company as effective problem solvers with innovative, scalable solutions. We integrate CMMI Dev Level 3 processes, tools, and techniques with innovative, cost-efficient, and secure solutions to address complex challenges. We also hold ISO 9001:2015, ISO/IEC 27001:2013, and ISO/IEC 20000-1:2018 certifications.

Roles & Responsibilities:

• Support the creation and collaborative update of the program IT Security and Penetration Test Strategy and Test Plan.
• Assess program test integration processes and document findings for improvement.
• Conduct a comprehensive review of MITRE Attack Tactics, Techniques, and Common Knowledge (ATT&CK), ATT&CK for Left of Exploit (PRE-ATT&CK) and Qualys Vulnerability Management, Detection, and Response (VMDR) for accuracy and conformity with cross-project test execution.
• Conduct focused technical analyses (Network Mapping, Vulnerability Scanning, & Penetration Testing) in support of the program, releases, and projects including architecture and engineering tasks.
• Conduct platform, data, performance and software engineering analyses and feasibility studies in accordance with the Common Vulnerability Scoring System (CVSS).
• The contractor shall be required to assist the agency with:
• Developing custom vulnerability detection plugins and scripts.
• Knowledge of threat actors, tools, tactics and techniques.
• Performing penetration testing and threat simulations.
• Knowledge of defensive capabilities and rapid mitigation strategies.
• Knowledge of the Common Vulnerability Scoring System (CVSS).

Required Skills:

• Good understanding and atleast 8+ years of hands-on experience in performing Penetration Testing.
• The candidate is expected to have Exploit development background who can discover new vulnerabilities in the systems they are assigned to work on.
• The individual should be fluent in Exploit frameworks such as Metasploit, Canvas, Core Impact or Cobalt Strike.
• Experience with debuggers such as IDA Pro, WinDBG, GDB.
• Should have exposure to multiple programming languages and be able to seamlessly transition between them.
• OSCP certification or similar is desirable.

Qualifications:

• Bachelor’s or master’s degree in Computer Science, Information Systems, Engineering, or related field.
• Candidates must meet requirements to obtain and maintain an IRS Minimum Background Investigation (MBI) clearance (active IRS Moderate Risk MBI clearance is a plus).
• Candidates must be a US Citizen or a Legal Permanent Resident (Green Card status) for at least three (3) years, and Federal Tax compliant.