Penetration Tester

Responsibilities:

Perform penetration testing, software assurance, and vulnerability assessment in support of DHS IE customers.

Interpret penetration testing results to identify and recommend corrective actions and/or mitigation strategies.

Produce and deliver reports on individual and enterprise software assurance efforts, working with service providers and individual programs/systems. Deliverable: Software Assurance Reports.

Identify and address security implications during software acceptance activities, including completion criteria, risk acceptance and documentation, common criteria, and methods of independent testing.

Perform security test assessments in support of DHS IE and system-specific software assurance efforts, working with service providers and individual programs. 

Collaborate with DevSecOps team participants from other organizations to integrate information assurance and cybersecurity needs and practices on a continuous basis throughout Agile development activities including, but not limited to: requirements, design, implementation, testing, and delivery of new IT solutions, applications, services, and systems, or updating and enhancing existing ones.

Coordinate with teams across the enterprise on the migration of existing IT services to the cloud, including identifying security technical requirements and potential problems and issues, and participating in Agile software development teams.

Perform and document vulnerability assessments of Government-identified DHS IE systems. (Deliverable: Vulnerability Assessment Reports). 

Update and maintain software assurance SOPs in accordance with IC and DHS policy.

• Upon government approval, implement changes to processes and technologies for penetration testing, software assurance, and vulnerability assessment activities, and report metrics in Monthly Status Reports. 

Required Qualifications

Bachelor's degree in computer science, Cybersecurity or a related field.

• Minimum of 8 years of experience with enterprise security architectures, and cloud-based network infrastructures such as AWS or Azure or Google Cloud.
• Proven experience as a Penetration Tester.
• Knowledge of penetration testing methodologies and tools.
• Strong problem-solving skills and ability to think like an attacker.
• Excellent communication skills to report findings and provide recommendations.
• Relevant certifications such as Certified Ethical Hacker (CEH) or Offensive Security Certified Professional (OSCP) are preferred.
• Experience with AWS, Azure, RHEL, Linux, and Tenable.
• Experience with tools such as Kali Linux, Burpsuite Pro, and Metasploit.
• Active Top Secret Clearance w/SCI eligible