Senior Red Team/Penetration Tester
Arlington, Virginia, United States
phia LLC
At phia, trust us to solve the complex challenges of our connected world through top-tier cyber intelligence & threat hunting. Contact us.phia LLC is reviewing resumes of experienced Red Team/Penetration Testers to join our team of qualified, diverse individuals. In this senior-level role, you will be conducting assessments across federal, state, and local government agencies. While the duration of assessments can vary based on the number and types of services requested, typical assessments will be 14-90 days in duration. We have the ability to consider both 1099 and W-2 employees for this position.
Mission
This work is in support of the Department of Homeland Security's (DHS) Vulnerability Management (VM) Division/ National Cybersecurity Assessments and Technical Services (NCATS) program providing vulnerability assessments, development of assessment methodologies, and technical program advisement.
Duties
- Independently lead and/or conduct vulnerability/pentesting assessments using approved tools and following an approved methodology, scope, and rules of engagement.
- Identify security vulnerabilities that could allow an attacker to compromise client information or systems.
- Perform assessments of systems and networks within the enterprise and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy.
- Measure effectiveness of defense-in-depth architecture against known vulnerabilities and attack techniques.
- Conduct and/or support authorized penetration testing on enterprise network assets with a focus on application security.
- Define procedures for penetration testing assessment for servers, endpoints, network appliances, and applications.
- Perform application security assessments of key business services and provide written reports on the security posture of those systems.
- Collaborate with DHS and assessed organizations to identify and defend against common attack vectors.
- Prepare audit reports that identify technical and procedural findings and provide recommended remediation strategies/solutions.
- Advise government and assessed organization’s leadership on Plans of Action and Milestones (POA&Ms) for vulnerability remediation.
Requirements
Key Experience
- 5-9 years of hands-on work experience is desired for this senior-level position.
- Bachelor’s degree in a technical specialty such as Cybersecurity, Computer Science, Management Information Systems, or related area of study is preferred.
- Red Team experience or exposure is strongly desired.
- Diverse experience in cybersecurity vulnerability assessments with a focus on application security assessments is expected.
- Ethical hacking experience, including experience in Information Security, application vulnerability testing, code-level security auditing, and secure code reviews is expected.
- Working knowledge of various operating systems, tools, and scripting languages such as *NIX, Windows, Kali Linux, Cobalt Strike, Metasploit, Nmap, Nessus, EyeWitness, WireShark, PowerShell, Python, etc.
- Military, Intelligence Community, or Law Enforcement experience is a plus.
- Ability to understand and follow Plans of Action and Milestones (POA&Ms) for vulnerability remediation.
Certification Requirements
- At least one of the following industry certifications is required: OSCP, OSCE, GPEN, GXPN or equivalent.
Who You Are
- A proactive problem solver that appreciates the challenges of working in a fast paced, dynamic environment.
- You have the ability and desire to learn and advance your career.
- Innate leadership skills with the ability to mentor and train junior staff members.
- An effective communicator, both verbally and in writing. You are comfortable interacting with individuals at all levels of an organization.
Travel
- Up to 50%; one week from local lab environment within Northern Virginia and one week at assessment organization onsite (typically CONUS).
Telework Eligibility
- N/A
Security Requirements
- This position will require U.S. citizenship and an active Secret clearance; DHS EOD eligibility will be required. Candidates must have the ability to obtain a Top Secret clearance (or higher) if required.
Benefits
phia LLC ("phia") is a Northern Virginia based, 8a certified small business established in 2011 with focus in Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, Information Assurance/Security, Compliance, Certification & Accreditation, Communications Security, Traditional Security, and Facilities Security. phia also provides cyber operations support functions such as: Program and Process Management, Engineering, Development, and Systems Administration that allows for Cyber Operations to efficiently integrate our customer’s missions and objectives. phia supports various agencies and offices within the Department of Defense (DoD), Federal government, and private/commercial entities.
phia values work-life balance and offers the following benefits to full-time (W-2) employees:
- Medical Insurance
- Dental Insurance
- Vision Insurance
- Life Insurance
- Short Term & Long-Term Disability
- 401k Retirement Savings Plan with Company Match
- Paid Holidays
- Paid Time Off (PTO)
- Tuition and Professional Development Assistance
- Flex Spending Accounts (FSA)
- Monthly Payroll
Tags: Application security Audits Clearance Cobalt Strike Compliance Computer Science DoD Ethical hacking GPEN GXPN Incident response Kali Linux Metasploit Nessus Nmap OSCE OSCP Pentesting PowerShell Python Red team Scripting Security assessment Strategy Top Secret Top Secret Clearance Vulnerabilities Vulnerability management Windows
Perks/benefits: 401(k) matching Career development Health care Insurance
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Ethical hacker / Pentester H/F jobs
- Open Staff Security Engineer jobs
- Open Information Security Specialist jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Senior Cyber Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Cybersecurity Analyst jobs
- Open IT Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Consultant SOC / CERT H/F jobs
- Open Cybersecurity Consultant jobs
- Open Chief Information Security Officer jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Sr. Security Engineer jobs
- Open Senior Security Architect jobs
- Open Security Operations Analyst jobs
- Open CISM-related jobs
- Open ISO 27001-related jobs
- Open Network security-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open Windows-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open DevOps-related jobs
- Open Security assessment-related jobs
- Open Kubernetes-related jobs
- Open Security Clearance-related jobs
- Open Malware-related jobs
- Open CI/CD-related jobs
- Open IDS-related jobs
- Open DevSecOps-related jobs
- Open EDR-related jobs