Senior Red Team/Penetration Tester
Arlington, Virginia, United States
Posted 1 month ago
phia LLC is reviewing resumes of experienced Red Team/Penetration Testers to join our team of qualified, diverse individuals. In this senior-level role, you will be conducting assessments across federal, state, and local government agencies. While the duration of assessments can vary based on the number and types of services requested, typical assessments will be 14-90 days in duration. We have the ability to consider both 1099 and W-2 employees for this position.
This work is in support of the Department of Homeland Security's (DHS) Vulnerability Management (VM) Division/ National Cybersecurity Assessments and Technical Services (NCATS) program providing vulnerability assessments, development of assessment methodologies, and technical program advisement.
- Independently lead and/or conduct vulnerability/pentesting assessments using approved tools and following an approved methodology, scope, and rules of engagement.
- Identify security vulnerabilities that could allow an attacker to compromise client information or systems.
- Perform assessments of systems and networks within the enterprise and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy.
- Measure effectiveness of defense-in-depth architecture against known vulnerabilities and attack techniques.
- Conduct and/or support authorized penetration testing on enterprise network assets with a focus on application security.
- Define procedures for penetration testing assessment for servers, endpoints, network appliances, and applications.
- Perform application security assessments of key business services and provide written reports on the security posture of those systems.
- Collaborate with DHS and assessed organizations to identify and defend against common attack vectors.
- Prepare audit reports that identify technical and procedural findings and provide recommended remediation strategies/solutions.
- Advise government and assessed organization’s leadership on Plans of Action and Milestones (POA&Ms) for vulnerability remediation.
- 5-9 years of hands-on work experience is desired for this senior-level position.
- Bachelor’s degree in a technical specialty such as Cybersecurity, Computer Science, Management Information Systems, or related area of study is preferred.
- Red Team experience or exposure is strongly desired.
- Diverse experience in cybersecurity vulnerability assessments with a focus on application security assessments is expected.
- Ethical hacking experience, including experience in Information Security, application vulnerability testing, code-level security auditing, and secure code reviews is expected.
- Working knowledge of various operating systems, tools, and scripting languages such as *NIX, Windows, Kali Linux, Cobalt Strike, Metasploit, Nmap, Nessus, EyeWitness, WireShark, PowerShell, Python, etc.
- Military, Intelligence Community, or Law Enforcement experience is a plus.
- Ability to understand and follow Plans of Action and Milestones (POA&Ms) for vulnerability remediation.
- At least one of the following industry certifications is required: OSCP, OSCE, GPEN, GXPN or equivalent.
Who You Are
- A proactive problem solver that appreciates the challenges of working in a fast paced, dynamic environment.
- You have the ability and desire to learn and advance your career.
- Innate leadership skills with the ability to mentor and train junior staff members.
- An effective communicator, both verbally and in writing. You are comfortable interacting with individuals at all levels of an organization.
- Up to 50%; one week from local lab environment within Northern Virginia and one week at assessment organization onsite (typically CONUS).
- This position will require U.S. citizenship and an active Secret clearance; DHS EOD eligibility will be required. Candidates must have the ability to obtain a Top Secret clearance (or higher) if required.
phia LLC ("phia") is a Northern Virginia based, 8a certified small business established in 2011 with focus in Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, Information Assurance/Security, Compliance, Certification & Accreditation, Communications Security, Traditional Security, and Facilities Security. phia also provides cyber operations support functions such as: Program and Process Management, Engineering, Development, and Systems Administration that allows for Cyber Operations to efficiently integrate our customer’s missions and objectives. phia supports various agencies and offices within the Department of Defense (DoD), Federal government, and private/commercial entities.
phia values work-life balance and offers the following benefits to full-time (W-2) employees:
- Medical Insurance
- Dental Insurance
- Vision Insurance
- Life Insurance
- Short Term & Long-Term Disability
- 401k Retirement Savings Plan with Company Match
- Paid Holidays
- Paid Time Off (PTO)
- Tuition and Professional Development Assistance
- Flex Spending Accounts (FSA)
- Monthly Payroll
More Information Security position highlights
- Explore open SOC Analyst Jobs
- Explore open Senior SOC Analyst Jobs
- Explore open Threat Intelligence Response Analyst Jobs
- Explore open Senior Penetration Tester Jobs
- Explore open Staff Security Engineer Jobs
- Explore open Information Security Officer Jobs
- Explore open Vulnerability Analyst Jobs
- Explore open Threat Intelligence Analyst Jobs
- Explore open Software Security Engineer Jobs
- Explore open Infrastructure Security Engineer Jobs
- Explore open Senior Information Security Engineer Jobs
- Explore open Chief Information Security Officer Jobs
- Explore open Cybersecurity Analyst Jobs
- Explore open IAM Engineer Jobs
- Explore open Sr. Software Engineer - Detection Engineering Jobs
- Explore open Computer Network Defense & Incident Response Analyst - Mid to Senior Level Jobs
- Explore open DevOps Security Engineer Jobs
- Explore open Computer Forensic Software Engineer Jobs
- Explore open Personnel Security Officer Jobs
- Explore open Senior Information Security Analyst Jobs
- Explore open Engineering Manager - Information Security, Bangalore Jobs
- Explore open Cybersecurity Engineer Jobs
- Explore open Staff Engineer, Cloud Security Jobs
- Explore open Cyber Threat Analyst Jobs
- Explore open Privacy Manager Jobs
- Explore open Clearance-related jobs
- Explore open Open Source-related jobs
- Explore open CEH-related jobs
- Explore open Forensics-related jobs
- Explore open PCI-related jobs
- Explore open IDS-related jobs
- Explore open Risk management-related jobs
- Explore open Audits-related jobs
- Explore open NIST-related jobs
- Explore open Ruby-related jobs
- Explore open Splunk-related jobs
- Explore open OSCP-related jobs
- Explore open Machine Learning-related jobs
- Explore open Google-related jobs
- Explore open IPS-related jobs
- Explore open AI-related jobs
- Explore open Encryption-related jobs
- Explore open Security assessments-related jobs
- Explore open Docker-related jobs
- Explore open PowerShell-related jobs
- Explore open DNS-related jobs
- Explore open TCP/IP-related jobs
- Explore open Unix-related jobs
- Explore open Threat detection-related jobs