What You'll Get to Do: As a Penetration Tester, you will provide technical security assessments of applications and infrastructure, security design reviews as well as risk assessments. This is a hands-on role, requiring technical skills from the hardware to the application layer.
More About the Role:
Conduct hands-on technical testing beyond automated tool validation, including full exploitation and leveraging of access within multiple environments
Conduct scenario-based security testing or red teaming to identify gaps in detection and response capabilities of client networks, and develop comprehensive and accurate reports and presentations client.
Communicate findings and strategy to client stakeholders
Apply security testing and penetration testing techniques and mindset to a wide range of projects
You'll Bring These Qualifications:
Must have an active TS/SCI with Poly
Demonstrated real world experience performing grey and black box penetration testing
Have an understanding of and interest in common web application vulnerabilities like XSS, CSRF, Command Injection, SQLi, single sign-on limitations, etc.
Must be proficient in any of the following: PowerShell Empire, Metasploit Framework, Cobalt Strike, Burp Suite, Canvas, Kali Linux, IPTables, Sysinternals, A/V evasion methodologies, Exploit Dev
Must have solid working experience and knowledge of Windows operating systems (incl. Active Directory), Linux operating systems; ESXi or similar; mobile platforms are a plus
Solid understanding of networking, TCP/IP, virtualization and cloud/data center architecture
Strong familiarity with some of the following: OWASP top 10, DoD and NSA Vulnerability and Penetration Testing Standards
Knowledge of exploitation concepts including phishing and social engineering tactics, buffer overflows, fuzzing, SQLi, MiTM, covert channels, secure tunneling and open source exfiltration techniques
These Qualifications Would be Nice to Have:
Experience performing Red Team, Blue Team Operations
Certifications such as OSCP, OSCE, GPEN, GWAPT, GPEN, GXPN, CEH, CISSP
Malware analysis or digital computer forensics experience
Cyber related Law Enforcement or Counterintelligence experience
Scripting (Windows/*nix), Bash, Python, Perl or Ruby, Systems Programming is a plus
Existing Subject Matter Expert of Advanced Persistent Threats and Emerging Threats
Proactive interest in emerging technologies and techniques related to penetration testing
What We Can Offer You:
- We've been named a Best Place to Work by the Washington Post.
- Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives.
- We offer competitive benefits and learning and development opportunities.
- We are mission-oriented and ever vigilant in aligning our solutions with the nation's highest priorities.
- For over 55 years, the principles of CACI's unique, character-based culture have been the driving force behind our success.
CACI employs a diverse range of talent to create an environment that fuels innovation and fosters continuous improvement and success. At CACI, you will have the opportunity to make an immediate impact by providing information solutions and services in support of national security missions and government transformation for Intelligence, Defense, and Federal Civilian customers. CACI is proud to provide dynamic careers for employees worldwide. CACI is an Equal Opportunity Employer - Females/Minorities/Protected Veterans/Individuals with Disabilities.