SAIC Job - 33394461 | CareerArc
Company: SAIC
Location: Bethesda, MD
Career Level: Mid-Senior Level
Industries: Technology, Software, IT, Electronics

Description

The Senior Cyber Security Penetration Tester plans, communicates, coordinates and conducts security assessments for applications, systems and enterprise networks. The overall goal of the penetration tester is to proactively identify weaknesses and ensure that devices, applications, services, and systems are designed and implemented to the highest standards and remain resilient to modern threats.


The penetration tester proactively conducts engagements that simulate adversarial threats and attacks in a timely manner within approved scopes, taking vulnerabilities out of the theoretical realm to truly demonstrate the risk. This involves the use of existing tools as well as self-created tools, including but not limited to creating and customizing exploits and reversing binaries to find security vulnerabilities. The penetration tester also helps with the design, development and recommendation of security solutions or new policies, standards and procedures.


The role requires constant collaboration with various organizational partners including, but not limited to, the blue teams, data owners, system owners and control owners, to make sure the impact of the risk is understood and managed. The Senior Cyber Security Penetration Tester must establish an excellent trust relationship with the organization and with the cyber defenders to ensure acceptable levels of risk are always maintained for the organization.

Job responsibilities:

    • Plan, communicate, coordinate and perform penetration testing, application testing, and security assessments at application, system and enterprise level
    • Develop automation/scripts for replicating vulnerability validation and penetration tests
    • Devise plans and scenarios for various types of penetration tests
    • Experience with interpreted or compiled languages: Python, Ruby, Perl, PHP, C/C++, Java, C#
    • Experience with various testing tools, such as Kali Linux, Metasploit, Nmap, Nessus, Burp Suite, etc.
    • Well versed in system exploits (e.g. buffer overflows, PTH attacks, Windows authentication framework, fuzzing, memory corruption and exploit development, etc.), network exploitation (e.g. VLAN hopping) or web application exploitation
    • Familiar with offensive TTPs (Tactics, Techniques and Procedures) including post-exploitation and lateral movement

Qualifications

  • Active TS/SCI with Poly is required
  • Bachelor's Degree in Information Technology, Computer Science, Cybersecurity, Customer Security
  • 6+ years of information security experience, preferably in penetration testing, red teaming, reverse engineering and vulnerability management
  • Professional security certifications such as OSCP/OSCE (Offensive Security Certified Professional/Expert), GXPN (SANS GIAC Exploit Researcher and Advanced Pen Tester), or CRTOP (Certified Red Team Operation Professional), etc.
  • Experience with interpreted or compiled languages: Python, Ruby, Perl, PHP, C/C++, Java, C#
  • Experience with various testing tools, such as Kali Linux, Metasploit, Nmap, Nessus, Burp Suite, etc.
  • Well versed in system exploits (e.g. buffer overflows, PTH attacks, Windows authentication framework, fuzzing, memory corruption and exploit development, etc.), network exploitation (e.g. VLAN hopping) or web application exploitation
  • Familiar with offensive TTPs (Tactics, Techniques and Procedures) including post-exploitation and lateral movement
Desired:
  • 2+ years of experience within governmental sectors
  • Prior experience or expertise performing red team exercises

