Penetration Tester

Information Systems Solutions (ISS) is looking for a Penetration Tester to perform primarily Red Team activities to assist in the defense of a Research, Development, Test, and Evaluation (RDT&E) network supporting a US Government customer. The selected candidate will primarily be responsible for assessing the current state of the services and infrastructure supporting NIWC, providing the following support:

• Performing penetration testing against a variety of applications using tools such as BURP.
• Perform proof of concept on new exploits to determine if supported networks are vulnerable.
• Ensure signature-based scanning tools are operational.

Clearance Level

• Secret

Certifications (IAT Level II)

• MCSA, Linux+ or other equivalent operating environment certification (equivalent training can be used in lieu of certification)

AND one of the following (or a certification from a higher IAT level):

• CompTIA Cybersecurity Analyst (CompTIA CySA+ CE)
• GIAC Global Industrial Cyber Security Professional (GIAC GICSP)
• CompTIA Security+ CE
• GIAC Security Essentials Certification (GSEC)
• EC-Council Certified Network Defender (EC-Council CND)
• GIAC System Security Certified Practitioner (GIAC SSCP)

Required Skills

• 4 years of relevant experience
• Drafting and review of SOPs (Standard Operation Procedures and POCs (Proofs of Concept)
• Experience as a System Administrator/Network Administrator
• Basic to medium knowledge of core Linux elements
• Experience with vulnerability enumeration and remediation
• Experience with DoD STIGs
• Scripting experience (Powershell, BASH, or Python preferred)
• Experience with virtual machines (vSphere, Virtual Box, KVM, QEMU)

Desired Skills

• Knowledge of Burp Suite security tools
• Knowledge of ACAS suite management, installation, upkeep, and troubleshooting
• Experience with Kali Linux tools such as nMAP, TCPDump, WireShark
• Knowledge of web development and HTML structure
• Working knowledge of OSI network model and network traffic flow
• Working knowledge of Windows Server core elements (Domain Controller, Active Directory, Registry, GPO creation, DISM, SCCM)
• Medium to Advance knowledge of network configuration for switches and routers
• Basic understanding of vulnerability research and exploitation
• Basic knowledge of physical security
• Basic knowledge of hardware exploitation
• Basic knowledge of Cloud core elements
• Penetration testing experience