Pen Tester, SME/Level 4

Responsibilities

Arcfield's Cyber programs are expanding and currently in need of Penetration Tester (Pen Tester), Level 4 (SME) professionals to review and evaluate NRO Information Systems (IS) and recommend changes to the Government that can improve information confidentiality, integrity, and availability. Note: An offer for this position is contingent upon contract award.

Responsibilities include, but are not limited to the following:

• Conduct basic reconnaissance and vulnerability scanning using established methodologies
• Identify, document, and report common vulnerabilities that could be exploited
• Perform security-focused services to improve the security posture of NRO Information Systems
• Execute active and passive penetration testing capabilities on NRO IT assets, as per government policy and direction
• Document findings in detailed reports for inclusion in Security Assessment Reports (SARs)
• Support Risk Management Framework (RMF) Steps 4 and 6 processes
• Review and write Information System Accreditation Packages (ISAPs) and Technical Information System Security Requirements (TISSRs)
• Conduct approved testing as well as writing reports following government-approved templates
• Complete ISAP/TISSR reports within 30 calendar days of on-site assessment completion
• Maintain and update report templates with government approval
• Demonstrate basic scripting abilities and understanding of network fundamentals
• Proficiently use vulnerability scanning tools
• Adhere to rules of engagement agreements between COMM Pen Testers and NRO Program ISO
• Collaborate with Program Offices to determine the scope and depth of Information System testing

Qualifications

Required

• Must be able to possess and maintain a TS/SCI clearance with Poly
• BS 10-12 Years, MS 8-10 Years, Phd 5-7 Years
• Bachelor/STEM with 7+yrs Relevant Experience
• Certifications (One or more):
  • GCIH
  • GPEN
  • PenTest+
• Basic scripting abilities
• Basic understanding of network fundamentals
• Basic understanding of vulnerability scanning tools
• Expertise in:
  • Network protocols
  • Application security
  • Social engineering
  • Advanced scripting
• Extensive knowledge of:
  • Cybersecurity frameworks
  • Industry standards
  • Advanced security tools
• 6+ yrs-Pen Testing experience
• Strong leadership and project management abilities
• Excellent communication skills (both written and verbal)
• Ability to work with both technical and non-technical stakeholders
• Problem-solving and analytical thinking skills
• Ability to work under pressure and manage multiple priorities

Desired

• BS/STEM degree(s) in Computer Science, Information Technology, Cybersecurity, or a related field
• Experience with government and military IT systems, particularly in the IC and DoD environments
• Understanding of IC and DoD organizational structures and processes
• Familiarity with government reporting requirements and procedures
• Demonstrated ability to develop innovative solutions for complex technical problems
• Recognition as an authority in information security within previous roles
• Experience in developing and implementing security policies and procedures

EEO Statement

We are an equal opportunity employer and federal government contractor. We do not discriminate against any employee or applicant for employment as protected by law.