Today
Secret
Unspecified
Unspecified
IT - QA and Test
konterra, MD (On-Site/Office)
Company: Top tier provider to the Fed Gov
Position: Pen Tester
Location: onsite 5 days a week Beltsville, MD
Clearance: Secret or higher
Provide penetration testing services using a variety of tactics, techniques, and procedures to identify exploitable vulnerabilities in networks and systems while also measuring compliance with organizational security policies, testing whether staff are aware of security issues, and ultimately determining the organization's risk to cybersecurity threats.
Perform network mapping and reconnaissance, document Rules of Engagement to guide the scope, develops test plan, and assists with acquiring management approval.
External Testing: Conduct a variety of penetration tests based on system's criticality, test objectives, and organization's requirements to include:
Working with IT personnel to define scope for targeted testing
Mimicking an outside attacker to gain access to system and what information can be accessed.
Internal Testing: Mimic an outside an insider attack to determine risk employees with various access levels pose to the organization.
Red Team Testing: Focus testing activity towards accessing specific target datasets. Testing methodology should include crafted e-mails, custom public websites, exploit code, and social engineering.
Analyze test results, develop a report on discovered vulnerabilities, and provide risk-based recommendations to remediate those vulnerabilities.
Core Requirements
• Active Security Clearance
• Federal Contracting Experience
Familiarity with working in government environments, including compliance with NIST, FISMA, and FedRAMP standards.
Technical Skills
• Penetration Testing Tools
• Vulnerability Remediation
• Operating Systems Expertise
Deep understanding of Windows, Linux, and macOS internals.
• Scripting & Programming
Experience with Python, PowerShell, Bash, or other scripting languages used in automation and exploit development.
• Network & Web Application Testing
Ability to identify and exploit vulnerabilities in networks, APIs, and web applications (e.g., SQLi, XSS, CSRF).
• Active Directory & Cloud Environments
Experience with AD enumeration and exploitation; familiarity with cloud platforms like AWS, Azure, and GCP.
Certifications (Preferred)
• HVA Operator Certification strongly desired
• OSCP (Offensive Security Certified Professional)
• CEH (Certified Ethical Hacker)
• GPEN (GIAC Penetration Tester)
• CPT (Certified Penetration Tester)
Position: Pen Tester
Location: onsite 5 days a week Beltsville, MD
Clearance: Secret or higher
Provide penetration testing services using a variety of tactics, techniques, and procedures to identify exploitable vulnerabilities in networks and systems while also measuring compliance with organizational security policies, testing whether staff are aware of security issues, and ultimately determining the organization's risk to cybersecurity threats.
Perform network mapping and reconnaissance, document Rules of Engagement to guide the scope, develops test plan, and assists with acquiring management approval.
External Testing: Conduct a variety of penetration tests based on system's criticality, test objectives, and organization's requirements to include:
Working with IT personnel to define scope for targeted testing
Mimicking an outside attacker to gain access to system and what information can be accessed.
Internal Testing: Mimic an outside an insider attack to determine risk employees with various access levels pose to the organization.
Red Team Testing: Focus testing activity towards accessing specific target datasets. Testing methodology should include crafted e-mails, custom public websites, exploit code, and social engineering.
Analyze test results, develop a report on discovered vulnerabilities, and provide risk-based recommendations to remediate those vulnerabilities.
Core Requirements
• Active Security Clearance
• Federal Contracting Experience
Familiarity with working in government environments, including compliance with NIST, FISMA, and FedRAMP standards.
Technical Skills
• Penetration Testing Tools
• Vulnerability Remediation
• Operating Systems Expertise
Deep understanding of Windows, Linux, and macOS internals.
• Scripting & Programming
Experience with Python, PowerShell, Bash, or other scripting languages used in automation and exploit development.
• Network & Web Application Testing
Ability to identify and exploit vulnerabilities in networks, APIs, and web applications (e.g., SQLi, XSS, CSRF).
• Active Directory & Cloud Environments
Experience with AD enumeration and exploitation; familiarity with cloud platforms like AWS, Azure, and GCP.
Certifications (Preferred)
• HVA Operator Certification strongly desired
• OSCP (Offensive Security Certified Professional)
• CEH (Certified Ethical Hacker)
• GPEN (GIAC Penetration Tester)
• CPT (Certified Penetration Tester)
group id: cxjudgpa
