PenTest 2

Position Title: PenTest 2
Position Type: Full-time, On-Site
Position Location: Chantilly, VA
Clearance: Active TS/SC w/ CI Poly

Waypoint's client is seeking a Penetration Tester (PenTest) Level 2 to join their growing team. PenTest Level 2 is responsible for reviewing, evaluating, and enhancing the security posture of information systems through thorough testing and analysis. Pen Testers assess vulnerabilities, recommend improvements, and perform security-focused services to safeguard information assets. The role requires significant technical expertise and experience to effectively execute penetration testing activities .

Responsibilities:

• Review and evaluate NRO information systems to identify vulnerabilities and recommend security enhancements to the Government.
• Perform penetration testing and red teaming activities to assess and improve the security posture of NRO information systems.
• Conduct threat hunting exercises to proactively identify potential security threats and weaknesses.
• Demonstrate strong understanding of network protocols, server and workstation operating systems, exploits, and vulnerabilities.
• Utilize penetration testing methodologies such as MITRE ATT&CK and OWASP to conduct thorough assessments.
• Employ common penetration testing tools, tactics, techniques, and procedures to identify and exploit security weaknesses.
• Research, develop, and maintain knowledge of penetration testing tools and techniques to stay current with emerging threats.
• Incorporate threat intelligence data into penetration testing scenarios to simulate real-world attack scenarios.
• Troubleshoot and resolve security issues with a strong attention to detail and problem-solving skills.
• Develop and maintain code using interpreted languages like Python, PHP, or Ruby for scripting purposes.
• Utilize simulated/emulated environments and virtualization technologies for testing purposes.
• Familiarity with orchestration tools and virtualization environments such as Docker and Kubernetes.
• Experience with industrial control systems deployment, security best practices, vulnerabilities, and penetration testing.
• Knowledge of ICD 503 and the Government's certification and accreditation process.
• Proficiency in configuring and supporting various operating systems including Windows, Linux, Unix, and Mac OS X.
• Experience with configuring and supporting virtualization platforms like VMware, Xen, and Hyper V.
• Participate in system certification activities and efforts related to system certification and accreditation.
• Collaborate with cross-functional teams to develop, integrate, and distribute information systems security tools and documentation.
• Ensure consistent security policy implementation through adherence to security procedures for systems and software.
• Provide technical project management support as needed.

Requirements:

• Bachelor's Degree or higher with 3 years of relevant experience, OR High School GED with 5 years, OR Associate's Degree with 4 years, OR Master's Degree or higher with 2 years.
• Degree in Engineering, Cyber Security, Computer Science, or related field of study is desired.
• Experience in performing Certification & Accreditation or Assessment & Authorization testing is preferred.
• Cyber security experience with emphasis on red teaming, penetration testing, or threat hunting.
• Strong understanding of network protocols, server and workstation operating systems, exploits, and vulnerabilities.
• Proficiency in penetration testing methodologies (MITRE ATT&CK, OWASP).
• Ability to utilize common penetration tools and incorporate threat intelligence data.
• Proficiency in troubleshooting, code reading/writing (Python, PHP, Ruby), and virtualization technologies.
• Experience with cloud environments, industrial control systems, and ICD 503/Government's certification process.
• Familiarity with system methodologies, software integration, and security procedures.
• Relevant education in computer engineering, information security, cyber security, or computer science.
• Experience in technical project management.