PENETRATION TESTER (SECRET CLEARANCE REQUIRED
Apply NowCompany: NorthHill Technology
Location: Linthicum Heights, MD 21090
Description:
Description:
The Department of Defense (DoD) Cyber Crime Center (DC3) DoD-Defense Industrial Base (DIB) Collaborative Information Sharing Environment (DCISE) penetration testers conduct Adversary Emulation Tests (AETs) against DIB Partners' external and internal networks, upon request, associated with the processing of Covered Defense Information (CDI). These AETs assess the company's cybersecurity posture and network configurations and controls to identify vulnerabilities on DIB Partners' network infrastructures by leveraging adversarial tactics, techniques, and procedures (TTPs) in accordance with an established penetration testing framework.
This position is mostly remote (must in-process on site at DC3)
Qualifications:
5 years with BS/BA; 3 years with MS/MA; 0 years with PhD (additional experience may be used in lieu of a degree)
Secret clearance required (TS/SCI preferred)
Experience and familiarity with the assessment methods defined in NIST SP 800-30 and NIST SP 800-53A
Experience in drafting written reports
Extensive experience in reviewing and examining data and information that supports cybersecurity assessments
Experience in pen testing fundamentals
Experience in Kali Linux and its toolsets, including Metasploit
Experience in pen testing tools including scanners like Nessus and Nmap
A minimum of three years of the following experience:
Performing authorized pen testing on enterprise networks;
gaining access to targeted networks;
applying expertise to enable new exploitation and maintaining access;
obeying appropriate laws and regulations;
providing infrastructure analysis;
performing analysis of physical and logical digital technologies;
conducting in-depth target and technical analysis;
creating exploitation strategies for identified vulnerabilities;
monitoring target networks; and
profiling network users or system administrators and their activities
Preferred: One or more nationally recognized information system auditing certifications
OSEP (Offensive Security Experienced Penetration Tester)
OSCP (Offensive Security Certified Professional)
GXPN (GIAC Exploit Researcher and Advanced Penetration Tester)
GPEN (GIAC Certified Penetration Tester)
LPT (Licensed Penetration Tester)
The Department of Defense (DoD) Cyber Crime Center (DC3) DoD-Defense Industrial Base (DIB) Collaborative Information Sharing Environment (DCISE) penetration testers conduct Adversary Emulation Tests (AETs) against DIB Partners' external and internal networks, upon request, associated with the processing of Covered Defense Information (CDI). These AETs assess the company's cybersecurity posture and network configurations and controls to identify vulnerabilities on DIB Partners' network infrastructures by leveraging adversarial tactics, techniques, and procedures (TTPs) in accordance with an established penetration testing framework.
This position is mostly remote (must in-process on site at DC3)
Qualifications:
5 years with BS/BA; 3 years with MS/MA; 0 years with PhD (additional experience may be used in lieu of a degree)
Secret clearance required (TS/SCI preferred)
Experience and familiarity with the assessment methods defined in NIST SP 800-30 and NIST SP 800-53A
Experience in drafting written reports
Extensive experience in reviewing and examining data and information that supports cybersecurity assessments
Experience in pen testing fundamentals
Experience in Kali Linux and its toolsets, including Metasploit
Experience in pen testing tools including scanners like Nessus and Nmap
A minimum of three years of the following experience:
Performing authorized pen testing on enterprise networks;
gaining access to targeted networks;
applying expertise to enable new exploitation and maintaining access;
obeying appropriate laws and regulations;
providing infrastructure analysis;
performing analysis of physical and logical digital technologies;
conducting in-depth target and technical analysis;
creating exploitation strategies for identified vulnerabilities;
monitoring target networks; and
profiling network users or system administrators and their activities
Preferred: One or more nationally recognized information system auditing certifications
OSEP (Offensive Security Experienced Penetration Tester)
OSCP (Offensive Security Certified Professional)
GXPN (GIAC Exploit Researcher and Advanced Penetration Tester)
GPEN (GIAC Certified Penetration Tester)
LPT (Licensed Penetration Tester)