Position Title:PenTest 2 Position Type:Full-time, On-Site Position Location:Chantilly, VA Clearance:Active TS/SC w/ CI Poly
Waypoint’s client is seeking a Penetration Tester (PenTest) Level 2to join their growing team. PenTest Level 2 is responsible for reviewing, evaluating, and enhancing the security posture of information systems through thorough testing and analysis. Pen Testers assess vulnerabilities, recommend improvements, and perform security-focused services to safeguard information assets. The role requires significant technical expertise and experience to effectively execute penetration testing activities.
Responsibilities:
Review and evaluate NRO information systems to identify vulnerabilities and recommend security enhancements to the Government.
Perform penetration testing and red teaming activities to assess and improve the security posture of NRO information systems.
Conduct threat hunting exercises to proactively identify potential security threats and weaknesses.
Demonstrate strong understanding of network protocols, server and workstation operating systems, exploits, and vulnerabilities.
Utilize penetration testing methodologies such as MITRE ATT&CK and OWASP to conduct thorough assessments.
Employ common penetration testing tools, tactics, techniques, and procedures to identify and exploit security weaknesses.
Research, develop, and maintain knowledge of penetration testing tools and techniques to stay current with emerging threats.
Incorporate threat intelligence data into penetration testing scenarios to simulate real-world attack scenarios.
Troubleshoot and resolve security issues with a strong attention to detail and problem-solving skills.
Develop and maintain code using interpreted languages like Python, PHP, or Ruby for scripting purposes.
Utilize simulated/emulated environments and virtualization technologies for testing purposes.
Familiarity with orchestration tools and virtualization environments such as Docker and Kubernetes.
Experience with industrial control systems deployment, security best practices, vulnerabilities, and penetration testing.
Knowledge of ICD 503 and the Government's certification and accreditation process.
Proficiency in configuring and supporting various operating systems including Windows, Linux, Unix, and Mac OS X.
Experience with configuring and supporting virtualization platforms like VMware, Xen, and Hyper V.
Participate in system certification activities and efforts related to system certification and accreditation.
Collaborate with cross-functional teams to develop, integrate, and distribute information systems security tools and documentation.
Ensure consistent security policy implementation through adherence to security procedures for systems and software.
Provide technical project management support as needed.
Requirements:
Bachelor's Degree or higher with 3 years of relevant experience, OR High School GED with 5 years, OR Associate's Degree with 4 years, OR Master's Degree or higher with 2 years.
Degree in Engineering, Cyber Security, Computer Science, or related field of study is desired.
Experience in performing Certification & Accreditation or Assessment & Authorization testing is preferred.
Cyber security experience with emphasis on red teaming, penetration testing, or threat hunting.
Strong understanding of network protocols, server and workstation operating systems, exploits, and vulnerabilities.
Proficiency in penetration testing methodologies (MITRE ATT&CK, OWASP).
Ability to utilize common penetration tools and incorporate threat intelligence data.
Proficiency in troubleshooting, code reading/writing (Python, PHP, Ruby), and virtualization technologies.
Experience with cloud environments, industrial control systems, and ICD 503/Government's certification process.
Familiarity with system methodologies, software integration, and security procedures.
Relevant education in computer engineering, information security, cyber security, or computer science.