31 Jan
7048 - Incident Responder (IR) and Penetration Tester (
California, Seaside , 93955 Seaside USA

Vacancy expired!

Job Posting Title: Penetration Tester (PenTester) / Threat Hunter

Worksite Location: Seaside, CA

Clearance: Top SecretAlliant Information Technologies, Inc. a subsidiary of IndraSoft, Inc., is seeking highly qualified Penetration Tester (PenTester) / Threat Hunter with an active Top Secret clearance to support our DoD client, located in Seaside, CA. The selected, highly motivated candidate will plan, conduct, and review penetration testing for a complex, geographically dispersed, mission-critical enterprise. The successful candidate will leverage demonstrated experience in threat management, vulnerability management, asset management, configuration management, and incident response to support DoD cybersecurity requirements and objectives. To perform this job successfully, the selected candidate must be both a cybersecurity generalist, with significant experience across multiple technical domains, and a specialist in offensive cybersecurity tactics, techniques, and procedures (TTPs).

Required Clearance:
  • Active Top Secret clearance with T5/SSBI background investigation

Required Education, Experience, and DoD Cybersecurity Workforce Compliance:
  • Bachelor s degree in computer science, computer forensics, cybersecurity, information security, or similar technical discipline AND 4+ years of cybersecurity experience, preferably in support of the DoD or other federal clients
  • For the exceptional candidate, an additional 4 years of military or civilian professional cybersecurity experience will be considered in lieu of a Bachelor s degree
  • Active Certified Ethical Hacker (CEH) certification

Required Qualifications:
  • Extensive experience performing white- and gray-box penetration testing against desktop machines, physical and virtualized servers, network infrastructure, cloud infrastructure, mobile devices, and web-based applications
  • Ability to author comprehensive penetration testing plans, to defend plans to and gain consensus from upper management, to precisely follow test guidelines, and to document all penetration testing findings, deviations, lessons learned, and other information
  • Ability to communicate effectively with government and contract leadership, while conveying highly technical concepts to both technical and nontechnical stakeholders
  • Capacity to thrive in a complex, chaotic environment with competing demands while delivering consistent, high-quality commitment to mission-critical systems and solutions
  • Excellent analytic skills, including qualitative and quantitative data analysis to support and defend data-driven decision-making regarding system threats, vulnerabilities, and risk
  • Knowledge of DoD cybersecurity policies, practices, and requirements, specifically including NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)
  • Experience supporting vulnerability management and patch management through the use of penetration testing to validate vulnerabilities and their subsequent remediation
  • Willing to work overtime, holidays, and weekends as necessary to support cybersecurity initiatives and incident response

Desired Qualifications:
  • Development experience in languages such as C/C, Java, Python, and Ruby, as well as experience in command line scripting languages such as Bash and PowerShell
  • One or more penetration testing certifications, including: LPT, PenTest+, GPEN, GWAPT, GXPN, or OSCP
  • Systems architecture, engineering, and networking experience, with preferred certifications such as SSCP, Network+, CCNA, CCNP, CCIE, GISF, GCED, GPPA, or GDSA
  • Experience in threat, vulnerability, and risk management and mitigation, with preferred certifications such as CySA+, GEVA, GCTI, GMON, CRISC, or CISA
  • Experience supporting all aspects of diverse endpoint systems, with preferred certifications such as Linux+, Server+, GCWN, GCUX, MCSA, MCSE, or SCCM
  • Knowledge of and experience administering, optimizing, and securing cloud environments, with preferred certifications such as Cloud+, CCSP, AWS Certified Security, AWS Certified Advanced Networking, Oracle Cloud Infrastructure Certified Associate, or Oracle Cloud Infrastructure Certified Architect Professional
  • Database security management with experience detecting and preventing SQL injection and other threats, and preferred certifications such as the Oracle Database Security Expert
  • Experience utilizing DoD tools, including the Assured Compliance Assessment Solution (ACAS) vulnerability scanner, host-based security system (HBSS), and McAfee ePolicy Orchestrator (ePO)
  • Experience sandboxing and reverse engineering malicious payloads
  • Past participation in capture the flag (CTF) and other offensive cybersecurity competitions (e.g., DEF CON, BSides, FAUST CTF, GoogleCTF)
  • Experience leveraging the Metasploit Framework to identify and exploit vulnerabilities

Job Description:This role requires a passion for cybersecurity, outside-the-box thinking, and the drive and intellect to uncover and connect discrete data points to build comprehensive threat and vulnerability analyses.

Key Responsibilities:
  • Coordinate with key stakeholders to conduct all phases of penetration testing, including Planning, Discovery, Attack, and Reporting
  • Author comprehensive penetration testing plans and formalized after action reports (AARs), and brief these artifacts to key stakeholders and government leadership
  • With written approval, execute offensive attacks against DoD assets and infrastructure while continually communicating with leadership and extensively documenting results
  • Assist cybersecurity patch management personnel with the identification, validation, and mitigation/remediation of known vulnerabilities affecting the infrastructure, OS, or application
  • Investigate suspected malicious cyber activity, and work with cybersecurity incident response personnel to analyze network traffic, logs, SIEM, and all available data to identify, isolate, and mitigate threats and threat actors
Equal Opportunity Employer/Protected Veterans/Individuals with DisabilitiesThe contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor s legal duty to furnish information. 41 CFR 60-1.35(c)See job description

Vacancy expired!

Related jobs

Report job