Job Requirements
Secret Polygraph Unspecified
Career Level not specified
Salary not specified
Join Premium to unlock estimated salaries
Job Description
Koniag IT Systems, LLC, a Koniag Government Services company, is seeking an ICAM Pen Tester with a Secret Security clearance to support KITS and our government customer. The position is remote.
We offer competitive compensation and an extraordinary benefits package including health, dental and vision insurance, 401K with company matching, flexible spending accounts, paid holidays, three weeks paid time off, and more.
Koniag IT Systems, LLC, a Koniag Government Services company, is seeking an experienced ICAM Penetration Tester to join a team supporting Identity, Credential, and Access Management (ICAM) solutions for our government customers. The ideal candidate is a highly skilled and technically proficient security professional with deep expertise in penetration testing methodologies and a strong understanding of identity and access management architectures, protocols, and technologies in a federal environment. This individual will play a critical role in proactively identifying and assessing vulnerabilities within ICAM systems and infrastructure, helping to strengthen the overall security posture of mission-critical identity and access management programs.
The ICAM Penetration Tester will be responsible for planning, executing, and reporting on penetration tests and security assessments targeting ICAM systems, infrastructure, and related integrations in a federal government environment. This individual will work closely with ICAM engineers, information system security managers (ISSMs), security teams, and government stakeholders to identify vulnerabilities, assess risk, and provide actionable remediation recommendations that strengthen the security of identity and access management solutions.
Principal responsibilities will include but are not limited to:
Education and Experience:
Required:
Clearance Requirement:
Required Skills and Competencies:
Desired Skills and Competencies:
Our Equal Employment Opportunity Policy
The company is an equal opportunity employer. The company shall not discriminate against any employee or applicant because of race, color, religion, creed, ethnicity, sex, sexual orientation, gender or gender identity (except where gender is a bona fide occupational qualification), national origin or ancestry, age, disability, citizenship, military/veteran status, marital status, genetic information or any other characteristic protected by applicable federal, state, or local law. We are committed to equal employment opportunity in all decisions related to employment, promotion, wages, benefits, and all other privileges, terms, and conditions of employment.
The company is dedicated to seeking all qualified applicants. If you require an accommodation to navigate or apply for a position on our website, please get in touch with Heaven Wood via e-mail at accommodations@koniag-gs.com or by calling 703-488-9377 to request accommodations.
Koniag Government Services (KGS) is an Alaska Native Owned corporation supporting the values and traditions of our native communities through an agile employee and corporate culture that delivers Enterprise Solutions, Professional Services and Operational Management to Federal Government Agencies. As a wholly owned subsidiary of Koniag, we apply our proven commercial solutions to a deep knowledge of Defense and Civilian missions to provide forward leaning technical, professional, and operational solutions. KGS enables successful mission outcomes for our customers through solution-oriented business partnerships and a commitment to exceptional service delivery. We ensure long-term success with a continuous improvement approach while balancing the collective interests of our customers, employees, and native communities. For more information, please visit www.koniag-gs.com .
Equal Opportunity Employer/Veterans/Disabled. Shareholder Preference in accordance with Public Law 88-352
We offer competitive compensation and an extraordinary benefits package including health, dental and vision insurance, 401K with company matching, flexible spending accounts, paid holidays, three weeks paid time off, and more.
Koniag IT Systems, LLC, a Koniag Government Services company, is seeking an experienced ICAM Penetration Tester to join a team supporting Identity, Credential, and Access Management (ICAM) solutions for our government customers. The ideal candidate is a highly skilled and technically proficient security professional with deep expertise in penetration testing methodologies and a strong understanding of identity and access management architectures, protocols, and technologies in a federal environment. This individual will play a critical role in proactively identifying and assessing vulnerabilities within ICAM systems and infrastructure, helping to strengthen the overall security posture of mission-critical identity and access management programs.
The ICAM Penetration Tester will be responsible for planning, executing, and reporting on penetration tests and security assessments targeting ICAM systems, infrastructure, and related integrations in a federal government environment. This individual will work closely with ICAM engineers, information system security managers (ISSMs), security teams, and government stakeholders to identify vulnerabilities, assess risk, and provide actionable remediation recommendations that strengthen the security of identity and access management solutions.
Principal responsibilities will include but are not limited to:
- Plan, scope, and execute penetration tests and security assessments against ICAM systems, platforms, and integrations, including identity providers, access management solutions, directory services, and federation components.
- Conduct targeted security assessments of ICAM-specific attack surfaces, including authentication mechanisms, authorization controls, identity federation protocols, single sign-on implementations, multi-factor authentication configurations, and privileged access management systems.
- Perform adversarial simulations and red team exercises focused on identity-based attack techniques, including credential theft, privilege escalation, lateral movement, token manipulation, session hijacking, and identity spoofing.
- Assess the security of ICAM protocols and standards implementations, including SAML 2.0, OAuth 2.0, OpenID Connect (OIDC), LDAP, and Kerberos, identifying misconfigurations and exploitable weaknesses.
- Conduct vulnerability assessments and security reviews of ICAM platform configurations, including Okta, SailPoint, Active Directory, and related identity infrastructure components.
- Perform web application penetration testing against ICAM portals, administrative consoles, APIs, and self-service interfaces.
- Conduct API security testing against ICAM REST and SCIM APIs, identifying vulnerabilities such as broken object level authorization, excessive data exposure, and injection flaws.
- Simulate social engineering and phishing attacks targeting identity credentials and authentication mechanisms to assess human and technical control effectiveness.
- Document and communicate penetration test findings in clear, detailed reports tailored to both technical and executive audiences, including vulnerability descriptions, risk ratings, evidence, and actionable remediation recommendations.
- Collaborate with ICAM engineers, administrators, and ISSMs to validate and prioritize remediation efforts and re-test vulnerabilities following remediation activities.
- Support the development and maintenance of penetration testing methodologies, playbooks, and procedures specific to ICAM environments.
- Contribute to threat modeling activities, identifying potential attack vectors and adversarial techniques relevant to ICAM architectures and federal identity management programs.
- Stay current with the latest identity-related vulnerabilities, attack techniques, threat actor tactics, techniques, and procedures (TTPs), and emerging security research relevant to ICAM.
- Support ATO processes by contributing findings and security assessment results to security documentation, including Security Assessment Reports (SARs) and Plans of Action and Milestones (POA&Ms).
- Provide technical guidance and recommendations on ICAM security hardening, secure configuration baselines, and identity security best practices.
- Participate in purple team exercises, collaborating with defensive security teams to improve detection and response capabilities for identity-based attacks.
Education and Experience:
Required:
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field from an accredited college or university; equivalent work experience may be considered in lieu of a degree.
- 4+ years of hands-on experience conducting penetration tests and security assessments in an enterprise or federal government IT environment.
- 2+ years of experience performing security assessments specifically targeting identity and access management systems, protocols, or infrastructure.
Clearance Requirement:
- Active Secret Clearance required.
Required Skills and Competencies:
- Exceptional communication skills in English - both written and oral - with the ability to clearly communicate complex technical vulnerabilities and risks to both technical and non-technical audiences, including senior leadership and government stakeholders.
- Demonstrated hands-on experience planning and executing penetration tests using industry-standard methodologies, including PTES (Penetration Testing Execution Standard), OWASP Testing Guide, and MITRE ATT&CK framework.
- Deep understanding of identity and access management attack techniques and adversarial tactics, including credential harvesting, pass-the-hash, pass-the-ticket, Kerberoasting, golden ticket attacks, token forgery, OAuth abuse, and SAML injection.
- Strong knowledge of ICAM protocols and their associated vulnerabilities, including SAML 2.0, OAuth 2.0, OpenID Connect (OIDC), LDAP, Kerberos, and SCIM.
- Experience conducting web application penetration testing, including testing of authentication and authorization mechanisms, session management, and API security.
- Proficiency with penetration testing tools and frameworks, including Metasploit, Burp Suite, Cobalt Strike, BloodHound, Impacket, Mimikatz, or equivalent toolsets.
- Experience assessing Active Directory environments for identity-related vulnerabilities, misconfigurations, and attack paths.
- Familiarity with Okta, SailPoint, or similar ICAM platforms and the ability to assess their configurations for security weaknesses.
- Experience developing detailed, high-quality penetration test reports with clear vulnerability descriptions, risk ratings, evidence, and remediation recommendations.
- Knowledge of common vulnerability scoring systems, including CVSS, and the ability to accurately assess and communicate risk severity.
- Strong understanding of network protocols, operating systems, and cloud environments and their intersection with identity security.
- Familiarity with NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment) and other federal security assessment standards.
- Ability to work collaboratively with defensive security teams, ICAM engineers, and government stakeholders in a responsible and professional manner.
Desired Skills and Competencies:
- Experience conducting penetration tests and red team exercises in a federal government IT environment, including classified or sensitive environments.
- Offensive Security Certified Professional (OSCP) or equivalent hands-on penetration testing certification.
- Offensive Security Experienced Penetration Tester (OSEP) or Offensive Security Web Expert (OSWE) certification.
- GIAC Penetration Tester (GPEN), GIAC Web Application Penetration Tester (GWAPT), or GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) certification.
- Certified Ethical Hacker (CEH) or equivalent certification.
- Experience conducting cloud penetration testing against AWS, Azure, or Google Cloud environments, with a focus on cloud identity and access management services.
- Familiarity with FedRAMP security requirements and the security considerations associated with cloud-hosted ICAM solutions.
- Experience with adversary simulation frameworks and tools, including MITRE ATT&CK, Cobalt Strike, and Atomic Red Team.
- Knowledge of Privileged Access Management (PAM) platforms such as CyberArk or BeyondTrust and their associated attack surfaces.
- Understanding of PIV/CAC authentication mechanisms and potential vulnerabilities associated with federal smart card implementations.
- Experience with threat intelligence platforms and the ability to incorporate threat actor TTPs into penetration test planning and execution.
- Familiarity with Zero Trust Architecture principles and their implications for identity-based attack surfaces.
- Experience supporting purple team exercises and collaborating with SOC and incident response teams to improve detection and response capabilities.
- CISSP, CISM, or CompTIA Security+ certification.
- Experience with scripting languages such as Python, PowerShell, or Bash for custom exploit development and automation of penetration testing tasks.
Our Equal Employment Opportunity Policy
The company is an equal opportunity employer. The company shall not discriminate against any employee or applicant because of race, color, religion, creed, ethnicity, sex, sexual orientation, gender or gender identity (except where gender is a bona fide occupational qualification), national origin or ancestry, age, disability, citizenship, military/veteran status, marital status, genetic information or any other characteristic protected by applicable federal, state, or local law. We are committed to equal employment opportunity in all decisions related to employment, promotion, wages, benefits, and all other privileges, terms, and conditions of employment.
The company is dedicated to seeking all qualified applicants. If you require an accommodation to navigate or apply for a position on our website, please get in touch with Heaven Wood via e-mail at accommodations@koniag-gs.com or by calling 703-488-9377 to request accommodations.
Koniag Government Services (KGS) is an Alaska Native Owned corporation supporting the values and traditions of our native communities through an agile employee and corporate culture that delivers Enterprise Solutions, Professional Services and Operational Management to Federal Government Agencies. As a wholly owned subsidiary of Koniag, we apply our proven commercial solutions to a deep knowledge of Defense and Civilian missions to provide forward leaning technical, professional, and operational solutions. KGS enables successful mission outcomes for our customers through solution-oriented business partnerships and a commitment to exceptional service delivery. We ensure long-term success with a continuous improvement approach while balancing the collective interests of our customers, employees, and native communities. For more information, please visit www.koniag-gs.com .
Equal Opportunity Employer/Veterans/Disabled. Shareholder Preference in accordance with Public Law 88-352
group id: 10201473