Senior Red Team/Penetration Tester

phia LLC is reviewing resumes of experienced Red Team/Penetration Testers to join our team of qualified, diverse individuals. In this senior-level role, you will be conducting assessments across federal, state, and local government agencies. While the duration of assessments can vary based on the number and types of services requested, typical assessments will be 14-90 days in duration. We have the ability to consider both 1099 and W-2 employees for this position.

Mission
This work is in support of the Department of Homeland Security's (DHS) Vulnerability Management (VM) Division/ National Cybersecurity Assessments and Technical Services (NCATS) program providing vulnerability assessments, development of assessment methodologies, and technical program advisement.

Duties

• Independently lead and/or conduct vulnerability/pentesting assessments using approved tools and following an approved methodology, scope, and rules of engagement.
• Identify security vulnerabilities that could allow an attacker to compromise client information or systems.
• Perform assessments of systems and networks within the enterprise and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy.
• Measure effectiveness of defense-in-depth architecture against known vulnerabilities and attack techniques.
• Conduct and/or support authorized penetration testing on enterprise network assets with a focus on application security.
• Define procedures for penetration testing assessment for servers, endpoints, network appliances, and applications.
• Perform application security assessments of key business services and provide written reports on the security posture of those systems.
• Collaborate with DHS and assessed organizations to identify and defend against common attack vectors.
• Prepare audit reports that identify technical and procedural findings and provide recommended remediation strategies/solutions.
• Advise government and assessed organization’s leadership on Plans of Action and Milestones (POA&Ms) for vulnerability remediation.

Requirements

Key Experience

• 5-9 years of hands-on work experience is desired for this senior-level position.
• Bachelor’s degree in a technical specialty such as Cybersecurity, Computer Science, Management Information Systems, or related area of study is preferred.
• Red Team experience or exposure is strongly desired.
• Diverse experience in cybersecurity vulnerability assessments with a focus on application security assessments is expected.
• Ethical hacking experience, including experience in Information Security, application vulnerability testing, code-level security auditing, and secure code reviews is expected.
• Working knowledge of various operating systems, tools, and scripting languages such as *NIX, Windows, Kali Linux, Cobalt Strike, Metasploit, Nmap, Nessus, EyeWitness, WireShark, PowerShell, Python, etc.

• Military, Intelligence Community, or Law Enforcement experience is a plus.
• Ability to understand and follow Plans of Action and Milestones (POA&Ms) for vulnerability remediation.

Certification Requirements

• At least one of the following industry certifications is required: OSCP, OSCE, GPEN, GXPN or equivalent.

Who You Are

• A proactive problem solver that appreciates the challenges of working in a fast paced, dynamic environment.
• You have the ability and desire to learn and advance your career.
• Innate leadership skills with the ability to mentor and train junior staff members.
• An effective communicator, both verbally and in writing. You are comfortable interacting with individuals at all levels of an organization.

Travel

• Up to 50%; one week from local lab environment within Northern Virginia and one week at assessment organization onsite (typically CONUS).

Telework Eligibility

• N/A

Security Requirements

• This position will require U.S. citizenship and an active Secret clearance; DHS EOD eligibility will be required. Candidates must have the ability to obtain a Top Secret clearance (or higher) if required.

Benefits

phia LLC ("phia") is a Northern Virginia based, 8a certified small business established in 2011 with focus in Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, Information Assurance/Security, Compliance, Certification & Accreditation, Communications Security, Traditional Security, and Facilities Security. phia also provides cyber operations support functions such as: Program and Process Management, Engineering, Development, and Systems Administration that allows for Cyber Operations to efficiently integrate our customer’s missions and objectives. phia supports various agencies and offices within the Department of Defense (DoD), Federal government, and private/commercial entities.

phia values work-life balance and offers the following benefits to full-time (W-2) employees:

• Medical Insurance
• Dental Insurance
• Vision Insurance
• Life Insurance
• Short Term & Long-Term Disability
• 401k Retirement Savings Plan with Company Match
• Paid Holidays
• Paid Time Off (PTO)
• Tuition and Professional Development Assistance
• Flex Spending Accounts (FSA)
• Monthly Payroll