Junior Red Team/Penetration Tester

Arlington, Virginia, United States

Full Time Entry-level / Junior Clearance required
phia LLC logo
phia LLC
Apply now Apply later

Posted 1 week ago

phia LLC is reviewing resumes of Junior Red Team/Penetration Testers to join our team of qualified, diverse individuals. In this entry-level role, you will be conducting assessments across federal, state, and local government agencies. While the duration of assessments can vary based on the number and types of services requested, typical assessments will be 14-90 days in duration. We have the ability to consider both 1099 and W-2 employees for this position.

Mission
This work is in support of the Department of Homeland Security's (DHS) Vulnerability Management (VM) Division/ National Cybersecurity Assessments and Technical Services (NCATS) program providing vulnerability assessments, development of assessment methodologies, and technical program advisement.

Duties

  • Conduct vulnerability/pentesting assessments using approved tools, following approved methodology, scope, and rules of engagement.
  • Identify security vulnerabilities that could allow an attacker to compromise client information or systems.
  • Perform and assist with assessments of systems and networks within the enterprise, identifying where those systems/networks deviate from acceptable configurations, enclave policy, or local policy.
  • Measure effectiveness of defense-in-depth architecture against known vulnerabilities and attack techniques.
  • Conduct and/or support authorized penetration testing on enterprise network assets with a focus on application security.
  • Follow procedures for penetration testing assessment for servers, endpoints, network appliances, and applications.
  • Perform application security assessments of key business services and provide written reports on the security posture of those systems.
  • Collaborate with senior team members and assessed organizations to identify and defend against common attack vectors.
  • Assist in the preparation of audit reports that identify technical and procedural findings and provide recommended remediation strategies/solutions.

Requirements

Key Experience

  • 1-3 years of work experience is preferred; however, school/lab experience will be considered.
  • Bachelor’s degree in a technical specialty such as Cybersecurity, Computer Science, Management Information Systems, or related area of study is preferred.
  • Red Team experience or exposure is strongly desired.
  • Exposure to cyber security vulnerability assessments with a focus on application security assessments.
  • Ethical hacking experience including experience in Information Security, application vulnerability testing, code-level security auditing, and secure code reviews.
  • Working knowledge of various operating systems, tools, and scripting languages such as *NIX, Windows, Kali Linux, Cobalt Strike, Metasploit, Nmap, Nessus, EyeWitness, WireShark, PowerShell, Python, etc.
  • Military, Intelligence Community, or Law Enforcement experience is a plus.
  • Ability to understand and follow Plans of Action and Milestones (POA&Ms) for vulnerability remediation.
  • A proactive problem solver that appreciates the challenges of working in a fast paced, dynamic environment.
  • You have the ability and desire to learn and advance your career.
  • An effective communicator, both verbally and in writing. You are comfortable interacting with individuals at all levels of an organization.

Certification Requirements

  • At least one of the following industry certifications is required: OSCP, OSCE, GPEN, GXPN or equivalent.

Who You Are

  • A proactive problem solver that appreciates the challenges of working in a fast paced, dynamic environment.
  • You have the ability and desire to learn and advance your career.
  • An effective communicator, both verbally and in writing. You are comfortable interacting with individuals at all levels of an organization.

Travel

  • Up to 50%; one week from local lab environment within Northern Virginia and one week at assessment organization onsite (typically CONUS).

Telework Eligibility

  • N/A

Security Requirements

  • This position will require U.S. citizenship and an active Secret clearance; DHS EOD eligibility will be required. Candidates must have the ability to obtain a Top Secret clearance (or higher) if required.

Benefits

phia LLC ("phia") is a Northern Virginia based, 8a certified small business established in 2011 with focus in Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, Information Assurance/Security, Compliance, Certification & Accreditation, Communications Security, Traditional Security, and Facilities Security. phia also provides cyber operations support functions such as: Program and Process Management, Engineering, Development, and Systems Administration that allows for Cyber Operations to efficiently integrate our customer’s missions and objectives. phia supports various agencies and offices within the Department of Defense (DoD), Federal government, and private/commercial entities.

phia values work-life balance and offers the following benefits to full-time (W-2) employees:

  • Medical Insurance
  • Dental Insurance
  • Vision Insurance
  • Life Insurance
  • Short Term & Long-Term Disability
  • 401k Retirement Savings Plan with Company Match
  • Paid Holidays
  • Paid Time Off (PTO)
  • Tuition and Professional Development Assistance
  • Flex Spending Accounts (FSA)
  • Monthly Payroll
Job tags: Architecture Auditing Clearance Cobalt Strike Compliance Ethical hacking GPEN GXPN Incident response Kali Linux Metasploit Military Nessus Nmap OSCE OSCP Penetration Tester Penetration testing PowerShell Python Red team Security assessments Strategy Top Secret Top Secret Clearance Vulnerabilities Vulnerability management Windows
Job region(s): North America
Job stats:  21  1  0
  • Share this job via
  • or