Penetration Tester

The Michelle Martin Group is seeking experienced Penetration Specialists (Testers) for a government contract engagement. Position will be located in Washington, DC.

Candidates must be US Citizens. Must Have A Degree. Top Secret Clearance required.

Duties:

• 3-5 years recent/current experience in security assessment and penetration testing including experience/expertise with SP-800-53/53a
• Assess system information security policies against DHS policies.
• Ensure policies are comprehensive to system.
• Evaluate security components against their ability to resist threats in the deployed environment.
• Evaluate configurations and implementation of Operating Systems, Applications, firewalls, proxy servers, routers, Virtual Private Networks (VPNs), IDS, wireless networks, etc against legal requirements, departmental/local policy, industry best practices and vendor recommendations.
• Evaluate process and procedures associated with operations
• Conduct vulnerability assessment and penetration testing customized to the system function and technical requirements
• Execute standardized IV&V practices to evaluate comprehensive state of the security posture
• Provide Vulnerability Scanning / Penetration Testing / Ethical Hacking services in the following types environments; Networks, Wireless and Web Application. These services should be able to be targeted against resources ranging in size from a single Web Application portal to an entire GSS.
• Information Assurance Workflow is provided by Xacta IA Manager. Xacta experience preferred but not required.
• Penetration Testing/Ethical Hacking services shall include the ability to provide proof of concept exploits for custom applications as needed during exercises
• Develop and provide formal reporting (including briefings as required) on assessments and penetration test results using prescribed format/templates (Xacta IA Manager).
  

Qualifications:

• TS needed
• All Must Have A Degree
• Prior audit experience preferred!
• Experience with Big 4, Big 8 or other notable Audit firm
• CEH, CISSP, LPT, OWASP, preferred
• Experience with security tools: Nessus, NMap, Web Inspect, AppDetective, Wireshark, Saint, BigFix, Metasploit, Kismet, Linux, BSD, Red Hat, CENTOS, Perl, Python, Hacking, Vulnerability Assessment, Penetration Testing,
• Demonstrated technical experience with:
• Web Application Penetration Testing
• Network Penetration Testing
• Vulnerability Detection and Remediation
• Linux, MS Windows
• Network Switching and Routing

Other Qualifications:

• Familiarity with Open Web Application Security Project (OWASP), National Institute of Standards and Technology (NIST) Special Publications, and Open Source Security Testing Methodology Manual (OSSTMM)
• Database administration, device configuration hardening and compliance verification experience a plus.
• CISSP, GIAC, GWAPT, GPEN, CEH, or CCNA certification a plus.
• Familiarity with scripting in UNIX shell, PERL, or Python a plus.
• Advanced degree in an IT related field a plus.
• Working knowledge of firewalls and other network security products.
• Knowledge of applied cryptographic protocols.
• Familiarity with XML, SOAP, and Ajax.
• Ability to conduct source code reviews.

EOE.