Data Center Cybersecurity Tester

Booz Allen Hamilton Inc. Washington , DC 20319

Posted 2 months ago

Job Description: Job Number: R0034753

Data Center Cybersecurity Tester

Key Role:

Apply knowledge of conducting assessment of threats and vulnerabilities through testing and evaluation activities. Conduct assessments for the determination of deviations from required or acceptable configurations, evaluation of the existing level of risk, recommendations for appropriate remediation measures, and evaluation of the residual risk after remediation. Provide leadership and mentoring for lower level employees.

Basic Qualifications:

  • 5+ years of experience with NIST

  • Experience with Telecommunications Industry Association (TIA) requirements

  • Experience with National Fire Protection Association (NFPA) requirements

  • Ability to obtain a security clearance

  • BA or BS degree

Clearance:

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.

We're an EOE that empowers our peopleno matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran statusto fearlessly drive change.

#LI-AH1, CJ1, DH1, GD15, MPPC


See if you are a match!

See how well your resume matches up to this job - upload your resume now.

Find your dream job anywhere
with the LiveCareer app.
Download the
LiveCareer app and find
your dream job anywhere
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Penetration Tester (Red Team)

Lunarline

Posted Yesterday

VIEW JOBS 11/12/2018 12:00:00 AM 2019-02-10T00:00 Title:                     Red Team Penetration Tester<br /> Location:               On Client site in Washington, DC<br /> Salary:                  DOE<br />  <br /> The Penetration Tester will have experience performing hands-on penetration testing, security test planning, and vulnerability analysis; focusing on automated and manual exploitation of applications, networks, and system level designs and implementations. This position requires a strong ethical hacking mindset with proven professional experience in assessing diverse network and system architectures in a comprehensive manner.  The successful candidate will enjoy working in a dynamic, responsive, and collaborative environment and be dedicated to the success of customers.  Experience and detailed technical knowledge in information security engineering, secure architecture development, system and network security, authentication and security protocols, applied cryptography, and application security is essential. Must have the ability to communicate with and distill information from technical resources during formal and informal meetings. Must be able to work both independently and as a part of team testing efforts.<br /> <br /> <strong>Skills and Qualifications:</strong><br /> Required: <ul> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Overall 3+ years of Information Security experience.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">At least 1 year of experience performing application security assessments.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">2+ years Red Team experience.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Knowledge of vulnerability management and scanning best practices such as CVE database and the CVS System used for scoring vulnerabilities.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Experience with Unix (preferably Red Hat) administration skills.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Working understanding of all forms of daily server administration.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Experience with Windows server administration.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Knowledge and experience in basic web application configuration in particular experience with the Linux, Apache, MySQL, PHP (LAMP) stack.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Knowledge of and experience in performing application assessments.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Working understanding of OWASP Top 10 vulnerabilities, how they are exploited, and a notion of how to they are fixed.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">A good understanding of Linux.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">An understanding of local Linux OS flaws and how to leverage them to increase privilege</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Familiarity with security focused distributions.</li> </ul>  <br /> Desired: <ul> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Offensive pen testing experience.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Knowledge of the Windows and *NIX operating systems to include boot process through understanding of the execution flow of boot time processes.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Knowledge of software exploitation (web, client-server, mobile, and wireless) on modern operating systems.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Familiarization with XSS, SSJS, filter bypassing, SQL Injection, etc.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Familiarity with interpreting log output from networking devices, operating systems and infrastructure services.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Familiarity with common reconnaissance, exploitation, and post exploitation frameworks.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">A good understanding of Penetration testing methodology (recon [active & passive], vulnerability analysis, exploitation, lateral movement, and reporting).</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Working familiarity with the following tools: <ul style="list-style-type:circle;"> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">NMAP.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Metasploit.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Meterpreter.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Cobalt Strike.</li> </ul> </li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Experience with obtaining access through spear phishing, HID exploitation, rogue access points, etc.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Background in scripting. </li> </ul> <div style="padding: 0; margin: 0;"><br /> <strong>Education:</strong></div> <ul> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Bachelor’s degree highly desirable.</li> </ul> <div style="padding: 0; margin: 0;"><br /> <strong>Certifications:</strong></div> <ul> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">The following certifications (more than one is preferred): Lunarline, Inc. School of Cybersecurity “Certified Expert” certifications and OSCP.</li> </ul> Lunarline Washington DC

Data Center Cybersecurity Tester

Booz Allen Hamilton Inc.