Senior Penetration Tester

H&R Block, Inc. Kansas City, MO 64126

Posted 1 week ago

Job Description:

H&R Block is seeking an experienced Penetration Tester to conduct full-scope vulnerability assessment and penetration testing. The Penetration Tester must be able to plan, coordinate, and perform red team and penetration testing technical assessments. Maintain communication between system owners and the assessment team, including before, during, and after test events. Develop test plans and perform management and administrative functions for the assessment team, including data gathering, exploit approval, and report generation after test activities. Maintain assessment team processes and procedures and manage the maintenance of the standardized testing platform.

Responsibilities will include:

  • Plan, communicate, coordinate and perform penetration tests and security assessments at application, system and enterprise level.

  • Develop all Rules of Engagement, scoping documents and reports.

  • Perform manual penetration tests and validation of vulnerability scan results.

  • Develops automation/scripts for replicating vulnerability validation and penetration tests.

  • Develop SOPs and architect all penetration testing and security assessment methodologies.

  • Devises plans and scenarios for various types of penetration tests.

  • Documents exploits and results in remediation and final report.

  • Perform information technology security research to remain current on emerging technology trends and develop exploits for disclosed and undisclosed vulnerabilities.

  • Contributes to developing and implementing tools for penetration testing and early warning of weaknesses or possible incidents building on methodologies as promulgated by NIST, ISO, etc. to ensure useful, measurable, and repeatable methods applied to quantifying risk.

  • Selects, installs, and configures security testing platforms and tools, or develops tools and procedures for vulnerability assessments and penetration tests.

  • Contributes to application of FISMA compliance mechanisms, including NIST SP 800 series, with the addition of sound methodologies in lieu of weakly-defined and subjective scores.

  • Performs vulnerability assessments using automated tools (Metasploit, Nmap, Nessus, Burp Suite, etc.)

  • Performs off-hours work as necessary.

Required Skills:

  • Experience in penetration testing large and complex enterprise networks

  • Experience with utilizing penetration testing methodologies

  • Experience with web and mobile applications, databases, operating systems

  • Experience with regulatory compliance, policy development, and policy enforcement

  • Experience with FISMA compliance and the NIST SP 800 series

  • Experience with DISA STIGs or similar secure configuration guidelines.

  • Experience in the roles identified above

  • At least 3+ years of penetration test experience

  • Excellent communication and interpersonal skills

  • Hands-on OS configuration/administration experience

  • Programming experience with focus on penetration testing or process automation

Desired Skills:

  • Experience with cyber security development projects and programs

  • Experience with process development and deployment

  • Experience with the following technologies:

      • Kali Linux

      • Metasploit

      • Nmap

      • Burp Suite

      • PowerSploit

      • Qualys

  • Experience with three or more of the following:

      • Security COTS integration

      • Security Incident Event Management

      • Operating System Hardening

      • Vulnerability Assessment testing

      • Identification and Authentication schemes

      • Public Key Infrastructure and Identity Management

      • Cross Domain Solutions

      • Reverse Engineering

      • Security engineering

  • Excellent writing skills

Required Education:

  • Bachelor's Degree in related field. Equivalent experience in military, civil, or corporate continuity planning will be considered.

Desired Certifications:

  • DODI 8570.1-M Compliance at IAT Level II; CISSP, CPT, CEH preferred.
