Penetration Tester

Role Specific Duties:

• Perform network and application penetration tests to identify vulnerabilities and weaknesses in the infrastructure and applications.
• Simulate insider threats to test detection and response capabilities, ensuring the agency is prepared to handle internal security risks.
• Develop penetration test plans, rules of engagement, and reports to provide clear documentation of findings, recommendations, and actions taken.
• Conduct thorough penetration testing of high-priority systems, emulating threat-based attacks.
• Identify and analyze security vulnerabilities, paying special attention to systems handling sensitive and confidential information.
• Utilize DAST tools to perform web application vulnerability scans, enabling timely detection and remediation of security weaknesses.
• Collaborate with Applications Development teams to provision developers and integrate security tools into the CI/CD pipeline, facilitating automated developer verification of software vulnerabilities.

Required Qualifications:

• Bachelor's degree in Computer Science, Information Security, or a related field (Master's preferred).
• Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or other relevant certifications preferred.
• Strong knowledge of cybersecurity principles, practices, and tools. Understanding of exploitation concepts including phishing and social engineering tactics, buffer overflows, fuzzing, SQLi, mitm, covert channels, secure tunneling and exfiltration techniques.
• A mastery of scripting and reading exploits written in various programming languages
• Execute advanced ethical hacking concepts.
• Proficiency with Python and Java and other programming languages.
• Proficiency in using tools such as Kali Linux and Windows OS, experience with both commercial and non-commercial post-exploitation frameworks, scripting and programming languages (e.g., PowerShell, Python, Go, Java), expertise in Active Directory and related analysis tools, knowledge of endpoint and network detection evasion techniques, and the ability to compile and modify open-source software for offensive and defensive cybersecurity purposes.
• Experience with DevSecOps practices and CI/CD pipelines.
• Excellent communication skills and the ability to work collaboratively with cross-functional teams.
• Strong problem-solving skills and attention to detail.
• Ability to obtain and maintain necessary security clearances.
• Candidates must be a US Citizen or a Legal Permanent Resident (Green Card status) for 3 years and be Federal Tax compliant.