Provides Vulnerability Assessment and Penetration testing support to a Cabinet level federal agency. Contributes to a team of information assurance professionals working to improve network security posture.
Must possess three (3) years of substantive IT knowledge and demonstrate hands-on expertise and/or training in areas of emerging technologies. The candidate must have hands-on experience and expertise with ethical hacking, firewall and intrusion detection/prevention technologies, secure coding practices and threat modeling.
Able to conduct PenTests and Vulnerability Assessments using Automated and Manual TTPs.
Must have an understanding of common web application vulnerabilities such as SQLi, XSS, CSRF, and HTTP flooding.
Must be able to use at least two of the following proficiently and instruct others on them: Nessus, Burp, Metasploit Framework/Pro, and the Social Engineering Toolkit.
Must have solid working experience and knowledge of Windows and Unix/Linux operating systems.
Familiarity with network and system architecture analysis. Fundamentals of network routing and switching and assessing network device configurations.
Scripting (Windows/*nix), Bash, Python, Perl or Ruby, Systems Programming
Strong familiarity with the OWASP Top 10, PTES, and NSA Vulnerability and Penetration Testing Standards.
Must be able to work alone or in a small group.
OSCP, GIAC GPEN, GWAPT or other Penetration Testing certifications
Certified Ethical Hacker