Dark Wolf Solutions Arlington, VA
- Posted: over a month ago
- Benefits: 401k, dental, life insurance, medical, vision,
Dark Wolf Solutions is looking for a Penetration Tester who will plan and perform continuous cross-domain vulnerability assessments and penetration testing following the customer’s prescribed scope statement with authorities. The ideal candidate must display familiarity with both cloud-based and on-premises Windows, Linux and mobile operating systems and environments and be able to conduct network and application security vulnerability analysis. Specifically, the candidate will analyze mission systems to help identify potential vulnerabilities and help to provide and implement remediation strategies to customers for these issues. The successful candidate must have prior experience with multiple facets of penetration testing, using both open source and proprietary tools. Conducts open-source research on clients and their infrastructure to help identify data leakage to could lead to vulnerabilities. Correlates threat data from various sources. Leverages programming knowledge to develop custom exploits for unique client systems. Travels to client sites on a semi-regular basis to conduct onsite assessments and tests. Prepares assessments and presentations of analyses and findings. Develops and maintains analytical procedures to meet changing requirements and ensure maximum operations.
Candidates may be asked to move between projects and participate in either single engagement penetration tests or continuous engagement Red Teams. The position will primarily require the candidate to lead the technical aspect of a specific, long-term penetration testing effort, helping to conduct varied testing efforts against applications and networks for the federal government. Candidates may also be placed on a larger Red Team and be expected to develop a continuous campaign-based assessment that emulates the target’s real-world adversaries by developing new tools specific to the target. Candidates will be expected to integrate into ongoing testing efforts, requiring subject matter expertise in multiple disciplines of vulnerability testing and assessment, the ability to interact and liaison directly with clients and a strong ability to write and document findings. Travel is required on occasional basis for clients requiring onsite testing.
- 2+ years’ experience in three or more specific areas to include: analysis, network engineering, networking security, penetration testing tool, red teaming, hardware engineering, software engineering, vulnerability assessment tools (OS, web, database) etc
- Proficiency in the testing and assessment of mobile operating systems, embedded systems and/or IoT devices
- Familiarity with unmanned aerial vehicles and associated mobile and wireless technologies
- Proficiency of various operating systems: Windows, iOS, Android, or Linux
- Proficiency with cloud technology and deployments: Amazon Web Services, Microsoft Azure
- Proficiency with at least three (3) or more of the following: mobile security, telecom protocols, operating systems analysis, reverse engineering, forensics, network analysis, vulnerability assessment or malware
- Moderate competency in at least one scripting or coding language
- Working knowledge of software development, with preference for experience working around software development teams and efforts
- Experience in network analysis methodologies
- Experience in drafting reports, documenting case details, and able to summarize findings and recommendations based on system analysis
- Demonstrated strong written and verbal communication skills
- BS (or equivalent) in Cyber security, Information Security, IT, EE, Network Engineering, Computer Science, or related field
- US Citizenship and an active Secret Security Clearance
- Familiarity with container technologies to include container orchestration and microservices
- Experience with DevSecOps, Helm, Gitlab, and K8s
- Security Certification: CEH, GIAC or equivalent pen testing cert.
- Familiarity with Wireshark, Fiddler, EnCase, Sleuthkit and similar tools
- Experience employing advanced forensic tools and techniques for attack reconstruction, including dead system analysis and volatile data collection and analysis
- Desired security certification: examples include OSCP, CEH, CISSP, or Security+
- Law Enforcement/Cyber Forensics experience
- Experience in performing post-incident computer forensics without destruction of critical data.
- Desired experience ensuring quality assurance and the spreading of best practices
- Experience with operational communications
- MS degree in technical field
We are proud to be an EEO/AA employer Minorities/Women/Veterans/Disabled and other protected categories.
In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification form upon hire.
We support a diverse portfolio of solutions and services for Defense, Intelligence, and Fortune 500 customers. Our team comprises analysts, support officers, and experienced engineers and integrators with hands-on expertise across many of the most relevant COTS, GOTS, and open source technologies. We also regularly compete in premier competitions, with an increasing number of black badges such as wins at BSides DC (2016 and 2018) and DEFCON (2017).
Dark Wolf SolutionsWhy Work Here?
Join the Pack
Dark Wolf Solutions operates at the nexus of mission and technology to meet our Nation's most challenging missions. We combine the most innovative emerging technologies with deep federal domain expertise through cutting-edge intelligence services, DevSecOps agile software development, information operations, penetration testing and incident response, applied research and rapid prototyping, machine learning, and engineering services. We support a diverse portfolio of solutions and services for Defense, Intelligence, and Fortune 500 customers. Our team comprises analysts, support officers, and experienced engineers and integrators with hands-on expertise across many of the most relevant COTS, GOTS, and open source technologies. We also regularly compete in premier competitions, with an increasing number of black badges such as wins at BSides DC (2016 and 2018) and DEFCON (2017).