Penetration Tester

Overview

Tunuva Technologies (a wholly owned subsidiary of VTG) is looking to hire a Penetration Tester to conduct technical testing and evaluation of customer's Information Systems (IS), produce detailed reports, and recommendations to the Government that will improve information systems confidentiality, integrity, and availability. This position is also responsible for performing security focused services to improve the security posture of the customer's information systems.

What will you do?

Responsibilities

• Conduct Vulnerability Assessment of network, host, and web applications, leveraging tools such as Tenable Nessus, NMAP, Wireshark, Rapid7 Metasploit, Burp Suite, etc.
• Work closely with the Security Control Assessor to perform IT security assessments in support of Risk Management Framework (RMF).
• Maintain vulnerability assessment toolkit utilizing Ubuntu and Kali platforms
• Prepare assessment reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions.
• Research vendor security advisories, vulnerability reports, product changelogs, bug trackers, commits, exploits, and other sources to triage vulnerabilities.
• Communicate effectively with various stakeholders, including System Owners, Administrators, and Program Management.
• Participate in meetings and briefings to coordinate test events, recommend remediation, and provide lessons learned.
• Perform Integrated Security Assessment Program (ISAP) and Technical Information Systems Security Reviews (TISSRs).

Do you have what it takes?

Requirements

• TS/SCI with Polygraph
• Bachelor's degree or higher and 3 years of pen tester experience OR High School/GED and 5 years of relevant experience OR Associate's degree and 4 years of relevant experience OR Master's degree or higher and 2 years of relevant experience
• Knowledge of network security architecture concepts including protocols, components, and principles.
• Knowledge of Risk Management Framework, in particular the technical controls within NIST 800-53.
• Knowledge of system and application security threats and vulnerabilities, TCP/IP, and the OSI Model.
• Knowledge of penetration testing principles, tools, and techniques.
• Knowledge of threat research, vulnerability analysis, risk assessment, CVSS scoring, and Common Vulnerabilities and Exposures (CVE).
• Strong problem-solving and critical-thinking skills with the ability to diagnose and troubleshoot technical issues.
• Excellent problem solving and troubleshooting skills with a strong attention to detail.
• Excellent verbal and written communication skills, including the ability to convey technical details in a clear and understandable manner to a variety of audiences.
• Willingness to obtain and maintain Security+ or equivalent certification.
• Willing to support up to 20% travel as needed.

Desired Qualifications

• Experience evaluating systems and recommending changes to improve security posture.
• Experience with penetration testing, system and network configuration, and familiarity with different operating systems and virtualization platforms.
• Skill in conducting vulnerability scans and recognizing vulnerabilities and remediation recommendations.
• Hands on experience using industry standard vulnerability assessment tools and techniques (NMAP, Nessus, Metasploit, Wireshark).
• Experience with cloud environments.
• Ability to research, develop, and maintain knowledge of penetration testing tools, tactics, techniques, and procedures.
• Ability to incorporate threat intelligence data into attack or penetration testing scenarios.
• Experience with simulated/emulated environments and/or virtualization technologies.
• Experience with orchestration tools and virtualization environments (Docker, Kubernetes, etc.).
• ICD 503 and the Government's certification and accreditation process.
• System methodologies including: client/server, web hosting, web content servers, policy servers, directory servers, firewalls, WAN, MAN, LAN, switches, and routers.
• Windows, Linux, Unix, and Mac OS X administration.
• VMware, Xen, Hyper V and other virtualization platforms.
• Configuring and supporting Windows, Linux, Unix, Mac OS, and other operating systems.
• Configuring and supporting VMware, Xen, Hyper V and other virtualization platforms.
• Information system engineering practices.
• System certification activities and efforts related to system certification and accreditation.
• Research, development, integration, and distribution of information systems security tools and associated documentation.
• Education relevant to computer engineering, information security, information management, cyber security, and/or computer science.
• Penetration Testing or Vulnerability Assessment specific certifications (such as CEH, PenTest+, OSCP, GPEN) are a plus.