Penetration Tester w/ TS/SCI & Poly
Mission Services | Washington, DC | Full Time
Penetration Tester w/ TS/SCI & Poly
Hours: Full time (day)
Required Clearance: TS/SCI w/ Poly
Location: Northern Virginia
Location: Northern VA
Experience: At least 5 years of prior work experience in IT security testing and analysis with an emphasis on penetration testing, preferably in support of the Federal government.
Education: Bachelor's (or higher), in Computer Science, Information Systems, Software Engineering or other related analytical, scientific, or technical disciplines (or SANS/Sec Cert). Additional years of experience required in lieu of degree.
Position Summary: EICORP s currently seeking a Penetration Tester to join our team. The Penetration Tester will be performing penetration testing in red/blue team scenarios, and will be working closely with the customer’s ISSOs to evaluate vulnerabilities.
- Follow industry best practices and methodologies, including the Open Web Application Security Project (OWASP) Testing Guide, to perform penetration testing services to uncover vulnerabilities across various web applications
- Test web services using automated web application scanning methodologies and tools (e.g. IBM AppScan, HP WebInspect, Acunetix WVS, etc...)
- Test web services using a manual in-depth testing methodologies and tools (e.g. Burp Suite Pro, ZAP Proxy, IronWASP, etc...)
- Summarize and document results of testing for management reporting including proper disposition of test exceptions.
- Research new threats, attack vectors, and risk.
- Report on security vulnerabilities via formal reports and weekly status updates.
- Verify the security findings from other members of the penetration testing team.
- Industry certifications relating to IT security and program management preferred (GIAC, GPEN, OSCP, CEH)
- Experience with web application penetration testing tools preferred, such as Burp Suite Pro, IBM AppScan, HP WebInspect, etc...
- Ability to work independently and also collaborating closely with application developers, engineers and others.
- Must be self-motivated and results oriented.
- Effective written, oral communication skills, and interpersonal communication skills.
- Strong communications skills to be able to interact with technical and non-technical colleagues.
- Knowledge of the latest security threats, techniques and exploits targeting vulnerabilities
- Network and web application penetration testing
- Vulnerability assessments followed by providing best security practice recommendations and countermeasures
- Strong familiarity with multiple operating systems, databases, applications and platforms.
- Understanding of SQL, XSS, CSRF, XXE, and other trends in web exploitation
- Working understanding of HTML and common web applications
- Thorough understanding of computer networking and the OSI model
- Cyber-threat research, reporting and development/implementation of vulnerability mitigation strategies
- Experience with network, web, and information security
- Self-starter with ability work with little supervision
- Programming experience is a plus!
- Calculate and assess risk based on threats, vulnerabilities, and mitigating factors.
- Expert knowledge in computer and network security.
- Expert level knowledge in penetration testing methodology.
- Knowledge of exploit development.
- Knowledge of common IT technologies (OS, databases, network devices, applications)
- Familiarity in one or more of the following areas: application security, Linux/Windows system security, mobile device security, cloud technologies (IaaS, SaaS environments, etc.), and web technologies.
- Demonstrated knowledge and experience evaluating IT process areas, such as logical and physical access, program development, change management, IT operations etc.
- Strong project management skills and ability to multi-task.
- Detail oriented and analytical.
- Essential that the candidate is a team-player
EICORP is a leader in intelligence, surveillance and reconnaissance; advanced cyber solutions; cloud and managed IT solutions; engineering, and information-based solutions for law enforcement and homeland security. We provide training and logistics in support of readiness operations; and operational support services and solutions in support of organizations not limited to DHS, DoD, and the Intelligence Community (IC). We hire mission enablers whom reflect our communities and proactively embrace diversity and inclusion, in order to advance our corporate culture, develop our family of employees into the best they can be, and in turn grow our marketshare throughout industry.
EICORP is an equal opportunity employer and considers qualified applicants for employment without regard to race, color, creed, religion, national origin, sex, sexual orientation, gender identity and expression, age, disability, veteran status, or any other protected factor.