Job Description
Job specifications are intended to present a descriptive list of the range of duties performed by employees. Specifications are not intended to reflect all duties performed within the job. SUMMARY Global Technical Services (GTS), a subsidiary of **MEMBERS ONLY**SIGN UP NOW*** is currently seeking a Penetration Testing Engineer for one of our federal clients located in Washington, DC. The Penetration Testing Engineer will work on a team of penetration testers supporting a federal client’s enterprise penetration testing program to regularly probe the client’s IT infrastructure for exploitable vulnerabilities. Everything is in scope: workstations, servers, the client’s 50 major applications, network devices, wireless access points, telecoms/VOIP, mobile devices, and electronic physical access controls. The penetration testing team tests all facets of the client’s network enterprise. The team creates custom exploits to find and demonstrate weaknesses in the client’s in-house applications, creates customized malware payloads designed to evade antivirus and other security monitoring tools in order to identify coverage gaps and improve security controls, and conducts spear phishing exercises to test the SOC’s incident response effectiveness and user security awareness. The penetration team also participates in CTF competitions at the various security conferences in the region. ESSENTIAL DUTIES & RESPONSIBILITIES The ideal candidate will have several years of penetration testing/red teaming experience in large-scale corporate environments. The candidate will be proficient with vulnerability discovery and performing actual exploitation of both Windows and Linux systems. Familiarity with APT-style tactics such as performing post-exploitation reconnaissance and covert data exfiltration is also desirable. Support federal client’s enterprise penetration testing program to test all facets of client’s IT infrastructure for exploitable weaknesses on a continuous basis. Conduct system-specific penetration tests in support of A&A cycles. Conduct regular spear phishing campaigns using weaponized payloads (Cobalt Strike Beacons) to measure and improve SOC’s incident response effectiveness and test users’ security awareness. Conduct Purple Team adversary simulation exercises to train SOC staff on recognizing and responding to APT-style TTPs, such as encrypted C2 communication, anti-virus evasion, and covert channel data exfiltration. Compete as part of a team in various regional CTF competitions (BSides, ShmooCon, etc.) Operate enterprise-grade and open-source penetration testing software, including: Cobalt Strike BloodHound PowerShell Empire Kali Linux tool suite Nmap Burp Suite AirCrack-ng Metasploit Framework Veil Framework SQLmap Etc… Windows Credential Editor/Mimikatz Other tools as applicable Develop custom proof of concept exploit code/scripts to illustrate exploitable vulnerabilities. Effectively interface with federal management and system owners to facilitate the successful planning and execution of regular penetration tests on the client’s 50 major applications. Cross-train other specialist security engineers to enable them to assist with penetration testing activities. Learn from other specialist security engineers to be able to assist with advanced incident response activities. QUALIFICATIONS - EXPERIENCE, EDUCATION AND CERTIFICATION Required (Minimum) Qualifications 2 years of hardcore hands-on-keyboard penetration testing experience (running nmap and Nessus scans doesn’t count, must have experience actually exploiting target assets/popping shells) 4 years of Information Security-related experience Knowledge, Skills and Abilities Proficiency with common open-source penetration testing tools such as the Kali Linux tool suite, i.e. Metasploit Framework, SQLmap, PowerShell Empire. In-depth knowledge of and proficiency with common exploitation techniques such as SQL injection, XSS, pass-the-hash, etc. Ability to craft custom exploits to provide proof of concept vulnerability validation. Proficient scripting skills in Python, PowerShell, and/or Bash. In-depth knowledge of common enterprise networking protocols: TCP/IP, SMB, DNS, RDP, SSH, FTP/SFTP/SCP, RPC/WinRM, NetBIOS, HTTP/S, SMTP, etc. In-depth knowledge of common enterprise operating systems: Windows, Linux/Unix Essential that the candidate is a team-player. Exceptional critical thinking and analytical skills – candidate must have the ability to fully learn and understand security measures and devise creative mechanisms to defeat them. Ability to calculate and assess risk based on threats, vulnerabilities, and mitigating factors. Self-starter with ability work with little supervision. Preferred OSCP certification (highly desirable) Binary exploitation skills Ability to craft buffer overflow attacks against custom executables Reverse engineering and debugging skills for both PE and ELF binaries, on both x86 and x86_64 architectures Experience bypassing ASLR and DEP Familiarity with non-Windows operating systems, i.e. Cisco IOS, Mac OSX, Android, Apple iOS, IBM Z/OS Familiarity with NIST SP 800-53 controls Bachelor’s degree or higher in Information Technology-related field PHYSICAL REQUIREMENTS The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Essential and marginal functions may require maintaining physical condition necessary for bending, stooping, sitting, walking or standing for prolonged periods of time; most of time is spent sitting in a comfortable position with frequent opportunity to move about. WORK ENVIRONMENT Work Environment characteristics described here are representative of those that must be borne by an employee to successfully perform the essential functions of this job. Job is performed in an office setting with exposure to computer screens and requires extensive use of a computer, keyboard, mouse and multi-line telephone system. The work described herein is primarily a modern office setting. Occasional travel may be required. SUPERVISORY RESPONSIBILITIES No supervisory responsibilities. ADDITIONAL QUALIFYING FACTORS As a condition of employment, may be required to pass a pre-employment drug screening, as well as have acceptable reference and background check results to obtain access to military base. Must have reliable transportation to/from work a necessity and must be able to obtain access to military installations. Public Trust or the ability to obtain and maintain a Public Trust clearance. (Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Accordingly, U.S. Citizenship is required.) Shareholder Preference. BSNC gives hiring, promotion, training and retention preference to BSNC shareholders, BSNC shareholder descendants and BSNC shareholder spouses, in that order. **MEMBERS ONLY**SIGN UP NOW*** is an Equal Opportunity/ AA/ Male/ Female/ Disability/ Vets employer. We participate in the E-Verify Employment Verification Program. We are a drug free workplace. Visit our website at **MEMBERS ONLY**SIGN UP NOW***for more details and to apply. # of Vacancies 1 Job Requirements
Search Results
