• DURATION: Temp to hire; NO sponsorship available • INTERVIEW PROCESS: conduct phone interview first, then onsite interview for the right person
ACTUAL Position Title: Network Security Penetration Tester
Overview: The ideal candidate would be a Security Professional who would have in addition to regular Security Professional abilities, both of the following skill sets: • Professional Level experience in one of the following disciplines: Networking, Firewalls, Server Administration, Encryption, Databases, Development • SOC experience which may include IDS/Sourcefire, Wireshark, or Packet level forensics analysis experience. The candidate will be comfortable researching and understanding a wide-variety of existing and emerging technology, have the ability to participate in the aggressive testing schedule of the Cyber Security Assessment Team (CSAT) and appropriately contribute to the daily workload of a highly skilled and diverse group of security assessment testers.
Position Requirements: The candidate is required to possess hands-on, expert-level technical proficiency and technical certifications specific to a critical skill. All CSAT testers must possess more than one of the following certifications: Certified Information Security Professionals (CISSP), SANS GIAC Certified Incident Handler (GCIH), Microsoft Certified Solutions Expert (MCSE), Certified Cisco Network Professional (CCNP), Red Hat Certified Expert (RHCE), GIAC Certified Penetration Tester (GPEN), GIAC Certified Web Application Penetration Tester (GWAPT), Offensive-Security Certified Professional (OSCP), Metasploit Pro Certified Engineer (MPCE), and Certified Ethical Hacker (CEH).
Candidate will conduct automated and manual tests of information systems, to include review of previous vulnerability scans, compliance scans/results, penetration testing. Candidate will use a variety of techniques to perform tests and assessments, such as threat modeling, threat simulation and social engineering. The candidate should be comfortable researching and understanding a wide variety of information systems and emerging technologies. The candidate will develop test plans, operation schedules, perform tests and prepare after-action reports for information systems. Candidates will also document tests in accordance with client’s Information Security Policies and CSAT standard operating procedures. CSAT security projects range in complexity and duration. Projects are ongoing, based on NPOV, threat modeling throughout the year. The level of effort and number of security assessors varies depending on the criticality of the system, technology, and schedule. Testing is conducted worldwide, the ability to travel in CONUS and internationally is required.
Skills description: In addition to completing the tasks listed above, the candidate shall: • Have a broad knowledge of security methodologies, solutions and best practices, and have expert level knowledge of one or more domains. • Have a broad knowledge of the technical and non-technical tactics, techniques and procedures used by adversaries to exploit information systems. Candidates should be able to conduct advanced tests that simulate malicious users. • Have experience with multiple open source and commercial testing tools. A non-comprehensive list includes Nessus, App Detective, Metasploit, Burp Suite, and nmap. • Advanced understanding of the strengths and weaknesses of security tools. Ability to select the right tool for the job. Ability to configure and troubleshoot tools if necessary. • Be comfortable using, configuring, troubleshooting, and administrating both UNIX based and Microsoft operating systems. Candidate should also have extensive systems engineering experience with at least one of these OSs. • Candidate should understand the security guidelines published by the National Institute of Standards (800-53) (800-115). • Have the ability to think critically and creatively. Capable of synthesizing and analyzing large amounts of data related to complex systems. Ability to articulate thoughts and findings in a concise and comprehensive manner. Candidate should also have a strong professional bearing.