Penetration Tester III 18-050

Ausgar Technologies Norfolk , VA 23511

Posted 4 weeks ago

Relocation Available

AUSGAR Technologies, Inc., an EOE Minorities/Females/Disabled/Veterans employer, is a rapidly growing Service-Disabled Veteran-Owned Small Business (SDVOSB) Department of Defense, government contractor with core competencies in Information Assurance, Cyber Security and Systems Engineering. With offices on both the East and West coasts, an inviting culture, and above-standard benefits, opportunity abounds for the right individual!

Penetration Tester III 18-050

Job Description:

As a growing Department of Defense Contractor, AUSGAR Technologies is expanding its workforce and has a NEW OPENING for a Penetration Tester III.

This position will provide penetration and cybersecurity support of tests and evaluations for the Department of the Navy. The candidate will provide expertise and guidance utilizing tools and techniques to conduct cyber vulnerability and penetration testing of exercise and test events in support of US Government test activities.

Responsibilities include:

  • Participate in the event planning stages to develop cyber assessment plans. Observes and assesses fleet and combatant command exercises.

  • Assist in cybersecurity test design efforts for of acquisition programs under test.

  • Assist Operational Test Directors in identifying cybersecurity requirements.

  • Diagnose acquisition programs' network issues, resolve problems and correct to maximize availability; document network problems and resolution for future reference and refinement of programs.

  • Conduct Cybersecurity pre-execution site surveys.

  • Conduct Cybersecurity architecture (System Unit Test or System of Systems) review and document review for systems under test.

  • Observe, collect data, conduct interviews, document test results, and support system restoration to pre-test state.

  • Analyze Cybersecurity data.

  • Analysis of cybersecurity in support of systems under test.

  • Execute cybersecurity test requirements and improve process and practices.

  • Develop cybersecurity test designs to support Operational Test Directors.

  • Develop representative exploitations to fully test the cybersecurity of any system under test.

  • Develop and execute data collection plan.

  • Manually examine system and network configurations, system logs, and devices.

Total Years of Related Experience for Position: 3-5+ years of red team experience with at least 2 years in a DoD/Federal Government

Job Requirements:

  • Bachelor's degree in Computer Science, Mathematics, Engineering, Business or related fields preferred.

  • DoDD 8570 Level III certification.

  • Certified Ethical Hacker (CEH) required.

  • Global Information Assurance Global Penetration Tester certification (GIA-GPEN) desired.

  • OSCP desired.

  • Certified Red Team member preferred.

  • 3-5+ years of red team experience with at least 2 years in a DoD or Federal government.

  • Experience with penetration testing and test methodologies.

  • Knowledge of networking and communication protocols and devices (routers, switches, firewalls).

  • Experience with Shell scripting required.

  • PowerShell and Python experience preferred.

  • Strong knowledge and experience with Windows Operating System required.

  • Experience of Linux Operating System preferred.

  • Ability to clearly articulate through both written and verbal communications.

  • Travel required (up to 50%).

  • Active TS/SCI clearance required.

An essential qualification for this position is successfully obtaining a Top Secret/SCI security clearance issued by the Federal Government, which may require successful completion of a background check.

AUSGAR Technologies, Inc.is an equal employment opportunity and affirmative action employer. AUSGAR Technologies, Inc.is committed to engaging in affirmative action to increase employment opportunities for females, minorities, protected veterans, and individuals with disabilities. We are an EOE - Minorities/Females/Disabled/Veterans


See if you are a match!

See how well your resume matches up to this job - upload your resume now.

Find your dream job anywhere
with the LiveCareer app.
Download the
LiveCareer app and find
your dream job anywhere
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Netwarcom Penetration Tester Norfolk VA

Apogee Engineering

Posted 2 months ago

VIEW JOBS 11/11/2018 12:00:00 AM 2019-02-09T00:00 2016 SBA Prime Contractor of the Year, Region VIII   Apogee Engineering is seeking a Penetration Tester located at Norfolk, VA. This effort Supports Navy Network Warfare Command (NETWARCOM) DODIN-N warfighting capabilities by providing critical technical skills, innovation, and creativity that are critical to the defense of Navy networks. Under specific direction, this support to NETWARCOM Navy Blue Team (NBT) performs cooperative vulnerability assessments, analyzes system vulnerabilities, and recommends solutions to actively defeat threats to Navy networks. The scope of this effort provides SME level support to Web Risk Assessment (WRA) Penetration testing and related activities. Why work with us? Apogee Engineering, LLC is a growing provider of research, engineering, operations, financial and administrative expertise across an array of DOD and Federal Civilian customers. Our company was founded on the commitment of making a positive difference regardless of agenda or personality. This commitment, infused with integrity and a passion for excellence, has propelled Apogee Engineering into the ranks of an elite small business company, known for unwavering dedication to their client's success, a warm and family-like work environment, and an enthusiasm to providing the right solution at the right time. What you'll be doing: * Analyze the results from automated web testing tools to validate findings, determine their business impact, and eliminate false positives. * Demonstrate expertise with website scanning and exploitation tools such as but not limited to: HP WebInspect, Accunetix, Burp Suite, Core Impact, etc. Support execution of and help in development of TTPs for website penetration testing or Blue Teaming. * Use commercial and open source network cyber assessment tools (e.g. Core Impact, Nmap, Metasploit, and Nessus). * Exploit common vulnerabilities and misconfigurations associated with common operating systems (Windows, Linux, etc.), protocols (HTTP, FTP, etc.), and network security services (PKI, HTTPS, etc.). * Manually discover key web application flaws. * Produce written reports and briefs on the results of penetration tests. * Conduct planning and execute Blue Teaming, Penetration Testing, and/or Capture the Flag events. * Research various cyber actors' TTPs, organizational structures, capabilities, personas, and environments, and integrate findings into Cyber Blue Teaming or penetration test operations. * Develop and utilize testing methodology for threat emulation and vulnerability validation. * Develop products and materials required to support TTP development working groups, planning groups, operational planning teams, conferences, table top exercises, war games and operational experiments. * Coordinate with DOD components prior to scans for proper deconfliction. * Maintain an accurate scan database/schedule. * Understand DOD component Whitelists. * Post scan results on DOD web vulnerability scanning (WVS) web portal and notify NCDOC for remediation tracking and reporting. * Create in-depth reports that identify risks to networks based on vulnerabilities discovered in the scan results. * Work with webmasters/web site owners to identify and troubleshoot technical issues prohibiting scanning. * Coordinate/assist mitigation efforts with webmasters/web site owners. * Review Navy websites for compliance with applicable DOD and Navy instructions and directives. * Assist webmasters in registering websites on the NETWARCOM portal. * Liaise with various DOD components concerning web vulnerability scanning and compliance guidelines and issues. What you will need to have: * Active Secret Clearance or higher required * Possess a minimum of five (5) years of experience providing SME and expert guidance in at least five of the following areas: * Hands-on experience performing Penetration Tests and Vulnerability Analysis for websites and other applications, network infrastructure and operating system infrastructures. * Conducting penetration tests on applications, systems, networks, and/or websites utilizing proven/formal processes, industry standards, and tools to include but not limited to: HP WebInspect, Accunetix, Burp Suite, Core Impact, etc. * Exploitation of vulnerabilities associated with most common operating web hosting platforms (IIS, Apache, etc.), protocols (HTTP, FTP, etc.), and network security services (PKI, HTTPS, etc.). * Developing, reviewing, and implementing mission area-related policy, doctrine, and development of Navy concepts, doctrine, tactics, techniques, and procedures. * Identifying mission area-related concepts and technologies for examining web technology, including protocols, languages, clients, and server architectures, from the attacker's perspective. * Developing and supporting development of Navy mission areas-related operational concepts, tactics, and experimental concepts and technologies. * Providing subject matter expertise and guidance utilizing tools and techniques to conduct cyber vulnerability and penetration testing of public facing IP addresses. * Familiarity with Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), and National Institute of Standards and Technology (NIST) Special Publications. * Familiarity with Navy Information System Architecture. * Two or more of the following certifications: * Offensive Security Certified Professional (OSCP) * Web Application Penetration Tester (WAPT) * GIAC Web Application Penetration Tester (GWAPT) * GIAC Penetration Tester (GPEN) * Cisco Certified Network Associate (CCNA) * Certified Ethical Hacker (CEH) certification * Working knowledge of one of the following: Python, C++, Javascript, Ruby Equal Opportunity Employer: minority/female/disabled/veteran Equal Opportunity Employer: disability/veteran All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status Apogee Engineering Norfolk VA

Penetration Tester III 18-050

Ausgar Technologies